CVE-2022-26377<https://www.shodan.io/search?query=vuln%3ACVE-2022-26377>
Inconsistent Interpretation of HTTP Requests ('HTTP Request
Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
allows an attacker to smuggle requests to the AJP server it forwards
requests to. This issue affects Apache HTTP Server Apache HTTP Server
2.4 version 2.4.53 and prior versions.
CVE-2017-7679<https://www.shodan.io/search?query=vuln%3ACVE-2017-7679>
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime
can read one byte past the end of a buffer when sending a malicious
Content-Type response header.
CVE-2022-0778<https://www.shodan.io/search?query=vuln%3ACVE-2022-0778>
The BN_mod_sqrt() function, which computes a modular square root,
contains a bug that can cause it to loop forever for non-prime moduli.
Internally this function is used when parsing certificates that
contain elliptic curve public keys in compressed form or explicit
elliptic curve parameters with a base point encoded in compressed
form. It is possible to trigger the infinite loop by crafting a
certificate that has invalid explicit curve parameters. Since
certificate parsing happens prior to verification of the certificate
signature, any process that parses an externally supplied certificate
may thus be subject to a denial of service attack. The infinite loop
can also be reached when parsing crafted private keys as they can
contain explicit elliptic curve parameters. Thus vulnerable situations
include: - TLS clients consuming server certificates - TLS servers
consuming client certificates - Hosting providers taking certificates
or private keys from customers - Certificate authorities parsing
certification requests from subscribers - Anything else which parses
ASN.1 elliptic curve parameters Also any other applications that use
the BN_mod_sqrt() where the attacker can control the parameter values
are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the
public key is not parsed during initial parsing of the certificate
which makes it slightly harder to trigger the infinite loop. However
any operation which requires the public key from the certificate will
trigger the infinite loop. In particular the attacker can use a
self-signed certificate to trigger the loop during verification of the
certificate signature. This issue affects OpenSSL versions 1.0.2,
1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on
the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1).
Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL
1.0.2zd (Affected 1.0.2-1.0.2zc).
CVE-2020-1934<https://www.shodan.io/search?query=vuln%3ACVE-2020-1934>
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use
uninitialized memory when proxying to a malicious FTP server.
CVE-2018-17189<https://www.shodan.io/search?query=vuln%3ACVE-2018-17189>
In Apache HTTP server versions 2.4.37 and prior, by sending request
bodies in a slow loris way to plain resources, the h2 stream for that
request unnecessarily occupied a server thread cleaning up that
incoming data. This affects only HTTP/2 (mod_http2) connections.
CVE-2017-9798<https://www.shodan.io/search?query=vuln%3ACVE-2017-9798>
Apache httpd allows remote attackers to read secret data from process
memory if the Limit directive can be set in a user's .htaccess file,
or if httpd.conf has certain misconfigurations, aka Optionsbleed. This
affects the Apache HTTP Server through 2.2.34 and 2.4.x through
2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request
when attempting to read secret data. This is a use-after-free issue
and thus secret data is not always sent, and the specific data depends
on many factors including configuration. Exploitation with .htaccess
can be blocked with a patch to the ap_limit_section function in
server/core.c.
CVE-2019-10082<https://www.shodan.io/search?query=vuln%3ACVE-2019-10082>
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the
http/2 session handling could be made to read memory after being
freed, during connection shutdown.
CVE-2022-29404<https://www.shodan.io/search?query=vuln%3ACVE-2022-29404>
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua
script that calls r:parsebody(0) may cause a denial of service due to
no default limit on possible input size.
CVE-2020-1971<https://www.shodan.io/search?query=vuln%3ACVE-2020-1971>
The X.509 GeneralName type is a generic type for representing
different types of names. One of those name types is known as
EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which
compares different instances of a GENERAL_NAME to see if they are
equal or not. This function behaves incorrectly when both
GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and
a crash may occur leading to a possible denial of service attack.
OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1)
Comparing CRL distribution point names between an available CRL and a
CRL distribution point embedded in an X509 certificate 2) When
verifying that a timestamp response token signer matches the timestamp
authority name (exposed via the API functions TS_RESP_verify_response
and TS_RESP_verify_token) If an attacker can control both items being
compared then that attacker could trigger a crash. For example if the
attacker can trick a client or server into checking a malicious
certificate against a malicious CRL then this may occur. Note that
some applications automatically download CRLs based on a URL embedded
in a certificate. This checking happens prior to the signatures on the
certificate and CRL being verified. OpenSSL's s_server, s_client and
verify tools have support for the "-crl_download" option which
implements automatic CRL downloading and this attack has been
demonstrated to work against those tools. Note that an unrelated bug
means that affected versions of OpenSSL cannot parse or construct
correct encodings of EDIPARTYNAME. However it is possible to construct
a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence
trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected
by this issue. Other OpenSSL releases are out of support and have not
been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed
in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
CVE-2018-1333<https://www.shodan.io/search?query=vuln%3ACVE-2018-1333>
By specially crafting HTTP/2 requests, workers would be allocated 60
seconds longer than necessary, leading to worker exhaustion and a
denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected
2.4.18-2.4.30,2.4.33).
CVE-2019-0211<https://www.shodan.io/search?query=vuln%3ACVE-2019-0211>
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event,
worker or prefork, code executing in less-privileged child processes
or threads (including scripts executed by an in-process scripting
interpreter) could execute arbitrary code with the privileges of the
parent process (usually root) by manipulating the scoreboard. Non-Unix
systems are not affected.
CVE-2018-5407<https://www.shodan.io/search?query=vuln%3ACVE-2018-5407>
Simultaneous Multi-threading (SMT) in processors can enable local
users to exploit software vulnerable to timing attacks via a
side-channel timing attack on 'port contention'.
CVE-2018-11763<https://www.shodan.io/search?query=vuln%3ACVE-2018-11763>
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large
SETTINGS frames a client can occupy a connection, server thread and
CPU time without any connection timeout coming to effect. This affects
only HTTP/2 connections. A possible mitigation is to not enable the h2
protocol.
CVE-2022-28330<https://www.shodan.io/search?query=vuln%3ACVE-2022-28330>
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond
bounds when configured to process requests with the mod_isapi module.
CVE-2020-11993<https://www.shodan.io/search?query=vuln%3ACVE-2020-11993>
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was
enabled for the HTTP/2 module and on certain traffic edge patterns,
logging statements were made on the wrong connection, causing
concurrent use of memory pools. Configuring the LogLevel of mod_http2
above "info" will mitigate this vulnerability for unpatched servers.
CVE-2019-10092<https://www.shodan.io/search?query=vuln%3ACVE-2019-10092>
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting
issue was reported affecting the mod_proxy error page. An attacker
could cause the link on the error page to be malformed and instead
point to a page of their choice. This would only be exploitable where
a server was set up with proxying enabled but was misconfigured in
such a way that the Proxy Error page was displayed.
CVE-2017-3736<https://www.shodan.io/search?query=vuln%3ACVE-2017-3736>
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC
algorithms are affected. Analysis suggests that attacks against RSA
and DSA as a result of this defect would be very difficult to perform
and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary
to deduce information about a private key may be performed offline.
The amount of resources required for such an attack would be very
significant and likely only accessible to a limited number of
attackers. An attacker would additionally need online access to an
unpatched system using the target private key in a scenario with
persistent DH parameters and a private key that is shared between
multiple clients. This only affects processors that support the BMI1,
BMI2 and ADX extensions like Intel Broadwell (5th generation) and
later or AMD Ryzen.
CVE-2017-3737<https://www.shodan.io/search?query=vuln%3ACVE-2017-3737>
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error
state" mechanism. The intent was that if a fatal error occurred during
a handshake then OpenSSL would move into the error state and would
immediately fail if you attempted to continue the handshake. This
works as designed for the explicit handshake functions
(SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a
bug it does not work correctly if SSL_read() or SSL_write() is called
directly. In that scenario, if the handshake fails then a fatal error
will be returned in the initial function call. If
SSL_read()/SSL_write() is subsequently called by the application for
the same SSL object then it will succeed and the data is passed
without being decrypted/encrypted directly from the SSL/TLS record
layer. In order to exploit this issue an application bug would have to
be present that resulted in a call to SSL_read()/SSL_write() being
issued after having already received a fatal error. OpenSSL version
1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is
not affected.
CVE-2019-1547<https://www.shodan.io/search?query=vuln%3ACVE-2019-1547>
Normally in OpenSSL EC groups always have a co-factor present and this
is used in side channel resistant code paths. However, in some cases,
it is possible to construct a group using explicit parameters (instead
of using a named curve). In those cases it is possible that such a
group does not have the cofactor present. This can occur even where
all the parameters match a known named curve. If such a curve is used
then OpenSSL falls back to non-side channel resistant code paths which
may result in full key recovery during an ECDSA signature operation.
In order to be vulnerable an attacker would have to have the ability
to time the creation of a large number of signatures where explicit
parameters with no co-factor present are in use by an application
using libcrypto. For the avoidance of doubt libssl is not vulnerable
because explicit parameters are never used. Fixed in OpenSSL 1.1.1d
(Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected
1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
CVE-2017-3735<https://www.shodan.io/search?query=vuln%3ACVE-2017-3735>
While parsing an IPAddressFamily extension in an X.509 certificate, it
is possible to do a one-byte overread. This would result in an
incorrect text display of the certificate. This bug has been present
since 2006 and is present in all versions of OpenSSL before 1.0.2m and
1.1.0g.
CVE-2022-1292<https://www.shodan.io/search?query=vuln%3ACVE-2022-1292>
The c_rehash script does not properly sanitise shell metacharacters to
prevent command injection. This script is distributed by some
operating systems in a manner where it is automatically executed. On
such operating systems, an attacker could execute arbitrary commands
with the privileges of the script. Use of the c_rehash script is
considered obsolete and should be replaced by the OpenSSL rehash
command line tool. Fixed in OpenSSL 3.0.3 (Affected
3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).
Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
CVE-2017-3738<https://www.shodan.io/search?query=vuln%3ACVE-2017-3738>
There is an overflow bug in the AVX2 Montgomery multiplication
procedure used in exponentiation with 1024-bit moduli. No EC
algorithms are affected. Analysis suggests that attacks against RSA
and DSA as a result of this defect would be very difficult to perform
and are not believed likely. Attacks against DH1024 are considered
just feasible, because most of the work necessary to deduce
information about a private key may be performed offline. The amount
of resources required for such an attack would be significant.
However, for an attack on TLS to be meaningful, the server would have
to share the DH1024 private key among multiple clients, which is no
longer an option since CVE-2016-0701. This only affects processors
that support the AVX2 but not ADX extensions like Intel Haswell (4th
generation). Note: The impact from this issue is similar to
CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version
1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n.
Due to the low severity of this issue we are not issuing a new release
of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL
1.1.0h when it becomes available. The fix is also available in commit
e502cc86d in the OpenSSL git repository.
CVE-2019-0196<https://www.shodan.io/search?query=vuln%3ACVE-2019-0196>
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38.
Using fuzzed network input, the http/2 request handling could be made
to access freed memory in string comparison when determining the
method of a request and thus process the request incorrectly.
CVE-2019-0197<https://www.shodan.io/search?query=vuln%3ACVE-2019-0197>
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When
HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on
a https: host, an Upgrade request from http/1.1 to http/2 that was not
the first request on a connection could lead to a misconfiguration and
crash. Server that never enabled the h2 protocol or that only enabled
it for https: and did not set "H2Upgrade on" are unaffected by this
issue.
CVE-2022-22721<https://www.shodan.io/search?query=vuln%3ACVE-2022-22721>
If LimitXMLRequestBody is set to allow request bodies larger than
350MB (defaults to 1M) on 32 bit systems an integer overflow happens
which later causes out of bounds writes. This issue affects Apache
HTTP Server 2.4.52 and earlier.
CVE-2022-22720<https://www.shodan.io/search?query=vuln%3ACVE-2022-22720>
Apache HTTP Server 2.4.52 and earlier fails to close inbound
connection when errors are encountered discarding the request body,
exposing the server to HTTP Request Smuggling
CVE-2017-15710<https://www.shodan.io/search?query=vuln%3ACVE-2017-15710>
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to
2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,
uses the Accept-Language header value to lookup the right charset
encoding when verifying the user's credentials. If the header value is
not present in the charset conversion table, a fallback mechanism is
used to truncate it to a two characters value to allow a quick retry
(for example, 'en-US' is truncated to 'en'). A header value of less
than two characters forces an out of bound write of one NUL byte to a
memory location that is not part of the string. In the worst case,
quite unlikely, the process would crash which could be used as a
Denial of Service attack. In the more likely case, this memory is
already reserved for future use and the issue has no effect at all.
CVE-2022-2068<https://www.shodan.io/search?query=vuln%3ACVE-2022-2068>
In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does
not properly sanitise shell metacharacters to prevent command
injection were found by code review. When the CVE-2022-1292 was fixed
it was not discovered that there are other places in the script where
the file names of certificates being hashed were possibly passed to a
command executed through the shell. This script is distributed by some
operating systems in a manner where it is automatically executed. On
such operating systems, an attacker could execute arbitrary commands
with the privileges of the script. Use of the c_rehash script is
considered obsolete and should be replaced by the OpenSSL rehash
command line tool. Fixed in OpenSSL 3.0.4 (Affected
3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected
1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
CVE-2021-3712<https://www.shodan.io/search?query=vuln%3ACVE-2021-3712>
ASN.1 strings are represented internally within OpenSSL as an
ASN1_STRING structure which contains a buffer holding the string data
and a field holding the buffer length. This contrasts with normal C
strings which are repesented as a buffer for the string data which is
terminated with a NUL (0) byte. Although not a strict requirement,
ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and
other similar parsing functions) as well as any string whose value has
been set with the ASN1_STRING_set() function will additionally NUL
terminate the byte array in the ASN1_STRING structure. However, it is
possible for applications to directly construct valid ASN1_STRING
structures which do not NUL terminate the byte array by directly
setting the "data" and "length" fields in the ASN1_STRING array. This
can also happen by using the ASN1_STRING_set0() function. Numerous
OpenSSL functions that print ASN.1 data have been found to assume that
the ASN1_STRING byte array will be NUL terminated, even though this is
not guaranteed for strings that have been directly constructed. Where
an application requests an ASN.1 structure to be printed, and where
that ASN.1 structure contains ASN1_STRINGs that have been directly
constructed by the application without NUL terminating the "data"
field, then a read buffer overrun can occur. The same thing can also
occur during name constraints processing of certificates (for example
if a certificate has been directly constructed by the application
instead of loading it via the OpenSSL parsing functions, and the
certificate contains non NUL terminated ASN1_STRING structures). It
can also occur in the X509_get1_email(), X509_REQ_get1_email() and
X509_get1_ocsp() functions. If a malicious actor can cause an
application to directly construct an ASN1_STRING and then process it
through one of the affected OpenSSL functions then this issue could be
hit. This might result in a crash (causing a Denial of Service
attack). It could also result in the disclosure of private memory
contents (such as private keys, or sensitive plaintext). Fixed in
OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za
(Affected 1.0.2-1.0.2y).
CVE-2019-17567<https://www.shodan.io/search?query=vuln%3ACVE-2019-17567>
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel
configured on an URL that is not necessarily Upgraded by the origin
server was tunneling the whole connection regardless, thus allowing
for subsequent requests on the same connection to pass through with no
HTTP validation, authentication or authorization possibly configured.
CVE-2017-15715<https://www.shodan.io/search?query=vuln%3ACVE-2017-15715>
In Apache httpd 2.4.0 to 2.4.29, the expression specified in
<FilesMatch> could match '$' to a newline character in a malicious
filename, rather than matching only the end of the filename. This
could be exploited in environments where uploads of some files are are
externally blocked, but only by matching the trailing portion of the
filename.
CVE-2022-31813<https://www.shodan.io/search?query=vuln%3ACVE-2022-31813>
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-*
headers to the origin server based on client side Connection header
hop-by-hop mechanism. This may be used to bypass IP based
authentication on the origin server/application.
CVE-2017-7668<https://www.shodan.io/search?query=vuln%3ACVE-2017-7668>
The HTTP strict parsing changes added in Apache httpd 2.2.32 and
2.4.24 introduced a bug in token list parsing, which allows
ap_find_token() to search past the end of its input string. By
maliciously crafting a sequence of request headers, an attacker may be
able to cause a segmentation fault, or to force ap_find_token() to
return an incorrect value.
CVE-2019-10098<https://www.shodan.io/search?query=vuln%3ACVE-2019-10098>
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with
mod_rewrite that were intended to be self-referential might be fooled
by encoded newlines and redirect instead to an unexpected URL within
the request URL.
CVE-2021-23840<https://www.shodan.io/search?query=vuln%3ACVE-2021-23840>
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may
overflow the output length argument in some cases where the input
length is close to the maximum permissable length for an integer on
the platform. In such cases the return value from the function call
will be 1 (indicating success), but the output length value will be
negative. This could cause applications to behave incorrectly or
crash. OpenSSL versions 1.1.1i and below are affected by this issue.
Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL
versions 1.0.2x and below are affected by this issue. However OpenSSL
1.0.2 is out of support and no longer receiving public updates.
Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y.
Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j
(Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected
1.0.2-1.0.2x).
CVE-2021-40438<https://www.shodan.io/search?query=vuln%3ACVE-2021-40438>
A crafted request uri-path can cause mod_proxy to forward the request
to an origin server choosen by the remote user. This issue affects
Apache HTTP Server 2.4.48 and earlier.
CVE-2018-0737<https://www.shodan.io/search?query=vuln%3ACVE-2018-0737>
The OpenSSL RSA Key generation algorithm has been shown to be
vulnerable to a cache timing side channel attack. An attacker with
sufficient access to mount cache timing attacks during the RSA key
generation process could recover the private key. Fixed in OpenSSL
1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev
(Affected 1.0.2b-1.0.2o).
CVE-2018-0734<https://www.shodan.io/search?query=vuln%3ACVE-2018-0734>
The OpenSSL DSA signature algorithm has been shown to be vulnerable to
a timing side channel attack. An attacker could use variations in the
signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a
(Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i).
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
CVE-2018-0732<https://www.shodan.io/search?query=vuln%3ACVE-2018-0732>
During key agreement in a TLS handshake using a DH(E) based
ciphersuite a malicious server can send a very large prime value to
the client. This will cause the client to spend an unreasonably long
period of time generating a key for this prime resulting in a hang
until the client has finished. This could be exploited in a Denial Of
Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h).
Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
CVE-2022-23943<https://www.shodan.io/search?query=vuln%3ACVE-2022-23943>
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server
allows an attacker to overwrite heap memory with possibly attacker
provided data. This issue affects Apache HTTP Server 2.4 version
2.4.52 and prior versions.
CVE-2020-1927<https://www.shodan.io/search?query=vuln%3ACVE-2020-1927>
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with
mod_rewrite that were intended to be self-referential might be fooled
by encoded newlines and redirect instead to an an unexpected URL
within the request URL.
CVE-2017-7659<https://www.shodan.io/search?query=vuln%3ACVE-2017-7659>
A maliciously constructed HTTP/2 request could cause mod_http2 in
Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and
crash the server process.
CVE-2018-17199<https://www.shodan.io/search?query=vuln%3ACVE-2018-17199>
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks
the session expiry time before decoding the session. This causes
session expiry time to be ignored for mod_session_cookie sessions
since the expiry time is loaded when the session is decoded.
CVE-2021-23841<https://www.shodan.io/search?query=vuln%3ACVE-2021-23841>
The OpenSSL public API function X509_issuer_and_serial_hash() attempts
to create a unique hash value based on the issuer and serial number
data contained within an X509 certificate. However it fails to
correctly handle any errors that may occur while parsing the issuer
field (which might occur if the issuer field is maliciously
constructed). This may subsequently result in a NULL pointer deref and
a crash leading to a potential denial of service attack. The function
X509_issuer_and_serial_hash() is never directly called by OpenSSL
itself so applications are only vulnerable if they use this function
directly and they use it on certificates that may have been obtained
from untrusted sources. OpenSSL versions 1.1.1i and below are affected
by this issue. Users of these versions should upgrade to OpenSSL
1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue.
However OpenSSL 1.0.2 is out of support and no longer receiving public
updates. Premium support customers of OpenSSL 1.0.2 should upgrade to
1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j
(Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected
1.0.2-1.0.2x).
CVE-2022-30522<https://www.shodan.io/search?query=vuln%3ACVE-2022-30522>
If Apache HTTP Server 2.4.53 is configured to do transformations with
mod_sed in contexts where the input to mod_sed may be very large,
mod_sed may make excessively large memory allocations and trigger an
abort.
CVE-2017-9788<https://www.shodan.io/search?query=vuln%3ACVE-2017-9788>
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value
placeholder in [Proxy-]Authorization headers of type 'Digest' was not
initialized or reset before or between successive key=value
assignments by mod_auth_digest. Providing an initial key with no '='
assignment could reflect the stale value of uninitialized pool memory
used by the prior request, leading to leakage of potentially
confidential information, and a segfault in other cases resulting in
denial of service.
CVE-2018-0739<https://www.shodan.io/search?query=vuln%3ACVE-2018-0739>
Constructed ASN.1 types with a recursive definition (such as can be
found in PKCS7) could eventually exceed the stack given malicious
input with excessive recursion. This could result in a Denial Of
Service attack. There are no such structures used within SSL/TLS that
come from untrusted sources so this is considered safe. Fixed in
OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o
(Affected 1.0.2b-1.0.2n).
CVE-2018-1301<https://www.shodan.io/search?query=vuln%3ACVE-2018-1301>
A specially crafted request could have crashed the Apache HTTP Server
prior to version 2.4.30, due to an out of bound access after a size
limit is reached by reading the HTTP header. This vulnerability is
considered very hard if not impossible to trigger in non-debug mode
(both log and build level), so it is classified as low risk for common
server usage.
CVE-2018-1302<https://www.shodan.io/search?query=vuln%3ACVE-2018-1302>
When an HTTP/2 stream was destroyed after being handled, the Apache
HTTP Server prior to version 2.4.30 could have written a NULL pointer
potentially to an already freed memory. The memory pools maintained by
the server make this vulnerability hard to trigger in usual
configurations, the reporter and the team could not reproduce it
outside debug builds, so it is classified as low risk.
CVE-2018-1303<https://www.shodan.io/search?query=vuln%3ACVE-2018-1303>
A specially crafted HTTP request header could have crashed the Apache
HTTP Server prior to version 2.4.30 due to an out of bound read while
preparing data to be cached in shared memory. It could be used as a
Denial of Service attack against users of mod_cache_socache. The
vulnerability is considered as low risk since mod_cache_socache is not
widely used, mod_cache_disk is not concerned by this vulnerability.
CVE-2017-3167<https://www.shodan.io/search?query=vuln%3ACVE-2017-3167>
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of
the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being
bypassed.
CVE-2021-34798<https://www.shodan.io/search?query=vuln%3ACVE-2021-34798>
Malformed requests may cause the server to dereference a NULL pointer.
This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2019-1551<https://www.shodan.io/search?query=vuln%3ACVE-2019-1551>
There is an overflow bug in the x64_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli. No EC algorithms are
affected. Analysis suggests that attacks against 2-prime RSA1024,
3-prime RSA1536, and DSA1024 as a result of this defect would be very
difficult to perform and are not believed likely. Attacks against
DH512 are considered just feasible. However, for an attack the target
would have to re-use the DH512 private key, which is not recommended
anyway. Also applications directly using the low level API BN_mod_exp
may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e
(Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected
1.0.2-1.0.2t).
CVE-2017-3169<https://www.shodan.io/search?query=vuln%3ACVE-2017-3169>
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl
may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
CVE-2020-9490<https://www.shodan.io/search?query=vuln%3ACVE-2020-9490>
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted
value for the 'Cache-Digest' header in a HTTP/2 request would result
in a crash when the server actually tries to HTTP/2 PUSH a resource
afterwards. Configuring the HTTP/2 feature via "H2Push off" will
mitigate this vulnerability for unpatched servers.
CVE-2022-22719<https://www.shodan.io/search?query=vuln%3ACVE-2022-22719>
A carefully crafted request body can cause a read to a random memory
area which could cause the process to crash. This issue affects Apache
HTTP Server 2.4.52 and earlier.
CVE-2019-1552<https://www.shodan.io/search?query=vuln%3ACVE-2019-1552>
OpenSSL has internal defaults for a directory tree where it can find a
configuration file as well as certificates used for verification in
TLS. This directory is most commonly referred to as OPENSSLDIR, and is
configurable with the --prefix / --openssldir configuration options.
For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets
assume that resulting programs and libraries are installed in a
Unix-like environment and the default prefix for program installation
as well as for OPENSSLDIR should be '/usr/local'. However, mingw
programs are Windows programs, and as such, find themselves looking at
sub-directories of 'C:/usr/local', which may be world writable, which
enables untrusted users to modify OpenSSL's default configuration,
insert CA certificates, modify (or even replace) existing engine
modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default
for OPENSSLDIR on all Unix and Windows targets, including Visual C
builds. However, some build instructions for the diverse Windows
targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL
versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the
limited scope of affected deployments this has been assessed as low
severity and therefore we are not creating new releases at this time.
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL
1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected
1.0.2-1.0.2s).
CVE-2021-44790<https://www.shodan.io/search?query=vuln%3ACVE-2021-44790>
A carefully crafted request body can cause a buffer overflow in the
mod_lua multipart parser (r:parsebody() called from Lua scripts). The
Apache httpd team is not aware of an exploit for the vulnerabilty
though it might be possible to craft one. This issue affects Apache
HTTP Server 2.4.51 and earlier.
CVE-2021-4160<https://www.shodan.io/search?query=vuln%3ACVE-2021-4160>
There is a carry propagation bug in the MIPS32 and MIPS64 squaring
procedure. Many EC algorithms are affected, including some of the TLS
1.3 default curves. Impact was not analyzed in detail, because the
pre-requisites for attack are considered unlikely and include reusing
private keys. Analysis suggests that attacks against RSA and DSA as a
result of this defect would be very difficult to perform and are not
believed likely. Attacks against DH are considered just feasible
(although very difficult) because most of the work necessary to deduce
information about a private key may be performed offline. The amount
of resources required for such an attack would be significant.
However, for an attack on TLS to be meaningful, the server would have
to share the DH private key among multiple clients, which is no longer
an option since CVE-2016-0701. This issue affects OpenSSL versions
1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and
3.0.1 on the 15th of December 2021. For the 1.0.2 release it is
addressed in git commit 6fc1aaaf3 that is available to premium support
customers only. It will be made available in 1.0.2zc when it is
released. The issue only affects OpenSSL on MIPS platforms. Fixed in
OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected
1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).
CVE-2019-1559<https://www.shodan.io/search?query=vuln%3ACVE-2019-1559>
If an application encounters a fatal protocol error and then calls
SSL_shutdown() twice (once to send a close_notify, and once to receive
one) then OpenSSL can respond differently to the calling application
if a 0 byte record is received with invalid padding compared to if a 0
byte record is received with an invalid MAC. If the application then
behaves differently based on that in a way that is detectable to the
remote peer, then this amounts to a padding oracle that could be used
to decrypt data. In order for this to be exploitable "non-stitched"
ciphersuites must be in use. Stitched ciphersuites are optimised
implementations of certain commonly used ciphersuites. Also the
application must call SSL_shutdown() twice even if a protocol error
has occurred (applications should not do this but some do anyway).
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
CVE-2021-26690<https://www.shodan.io/search?query=vuln%3ACVE-2021-26690>
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie
header handled by mod_session can cause a NULL pointer dereference and
crash, leading to a possible Denial Of Service
CVE-2021-26691<https://www.shodan.io/search?query=vuln%3ACVE-2021-26691>
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted
SessionHeader sent by an origin server could cause a heap overflow
CVE-2019-0220<https://www.shodan.io/search?query=vuln%3ACVE-2019-0220>
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When
the path component of a request URL contains multiple consecutive
slashes ('/'), directives such as LocationMatch and RewriteRule must
account for duplicates in regular expressions while other aspects of
the servers processing will implicitly collapse them.
CVE-2019-1563<https://www.shodan.io/search?query=vuln%3ACVE-2019-1563>
In situations where an attacker receives automated notification of the
success or failure of a decryption attempt an attacker, after sending
a very large number of messages to be decrypted, can recover a
CMS/PKCS7 transported encryption key or decrypt any RSA encrypted
message that was encrypted with the public RSA key, using a
Bleichenbacher padding oracle attack. Applications are not affected if
they use a certificate together with the private RSA key to the
CMS_decrypt or PKCS7_decrypt functions to select the correct recipient
info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL
1.0.2t (Affected 1.0.2-1.0.2s).
CVE-2020-35452<https://www.shodan.io/search?query=vuln%3ACVE-2020-35452>
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest
nonce can cause a stack overflow in mod_auth_digest. There is no
report of this overflow being exploitable, nor the Apache HTTP Server
team could create one, though some particular compiler and/or
compilation option might make it possible, with limited consequences
anyway due to the size (a single byte) and the value (zero byte) of
the overflow
CVE-2020-13938<https://www.shodan.io/search?query=vuln%3ACVE-2020-13938>
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users
can stop httpd on Windows
CVE-2019-10081<https://www.shodan.io/search?query=vuln%3ACVE-2019-10081>
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example
configured with "H2PushResource", could lead to an overwrite of memory
in the pushing request's pool, leading to crashes. The memory copied
is that of the configured push link header values, not data supplied
by the client.
CVE-2018-1283<https://www.shodan.io/search?query=vuln%3ACVE-2018-1283>
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to
forward its session data to CGI applications (SessionEnv on, not the
default), a remote user may influence their content by using a
"Session" header. This comes from the "HTTP_SESSION" variable name
used by mod_session to forward its data to CGIs, since the prefix
"HTTP_" is also used by the Apache HTTP Server to pass HTTP header
fields, per CGI specifications.
CVE-2020-1968<https://www.shodan.io/search?query=vuln%3ACVE-2020-1968>
The Raccoon attack exploits a flaw in the TLS specification which can
lead to an attacker being able to compute the pre-master secret in
connections which have used a Diffie-Hellman (DH) based ciphersuite.
In such a case this would result in the attacker being able to
eavesdrop on all encrypted communications sent over that TLS
connection. The attack can only be exploited if an implementation
re-uses a DH secret across multiple TLS connections. Note that this
issue only impacts DH ciphersuites and not ECDH ciphersuites. This
issue affects OpenSSL 1.0.2 which is out of support and no longer
receiving public updates. OpenSSL 1.1.1 is not vulnerable to this
issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
CVE-2022-30556<https://www.shodan.io/search?query=vuln%3ACVE-2022-30556>
Apache HTTP Server 2.4.53 and earlier may return lengths to
applications calling r:wsread() that point past the end of the storage
allocated for the buffer.
CVE-2021-44224<https://www.shodan.io/search?query=vuln%3ACVE-2021-44224>
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference) or,
for configurations mixing forward and reverse proxy declarations, can
allow for requests to be directed to a declared Unix Domain Socket
endpoint (Server Side Request Forgery). This issue affects Apache HTTP
Server 2.4.7 up to 2.4.51 (included).
CVE-2019-0217<https://www.shodan.io/search?query=vuln%3ACVE-2019-0217>
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition
in mod_auth_digest when running in a threaded server could allow a
user with valid credentials to authenticate using another username,
bypassing configured access control restrictions.
CVE-2021-39275<https://www.shodan.io/search?query=vuln%3ACVE-2021-39275>
ap_escape_quotes() may write beyond the end of a buffer when given
malicious input. No included modules pass untrusted data to these
functions, but third-party / external modules may. This issue affects
Apache HTTP Server 2.4.48 and earlier.
CVE-2022-28615<https://www.shodan.io/search?query=vuln%3ACVE-2022-28615>
Apache HTTP Server 2.4.53 and earlier may crash or disclose
information due to a read beyond bounds in ap_strcmp_match() when
provided with an extremely large input buffer. While no code
distributed with the server can be coerced into such a call,
third-party modules or lua scripts that use ap_strcmp_match() may
hypothetically be affected.
CVE-2022-28614<https://www.shodan.io/search?query=vuln%3ACVE-2022-28614>
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may
read unintended memory if an attacker can cause the server to reflect
very large input using ap_rwrite() or ap_rputs(), such as with
mod_luas r:puts() function. Modules compiled and distributed
separately from Apache HTTP Server that use the 'ap_rputs' function
and may pass it a very large (INT_MAX or larger) string must be
compiled against current headers to resolve the issue.
CVE-2018-1312<https://www.shodan.io/search?query=vuln%3ACVE-2018-1312>
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest
authentication challenge, the nonce sent to prevent reply attacks was
not correctly generated using a pseudo-random seed. In a cluster of
servers using a common Digest authentication configuration, HTTP
requests could be replayed across servers by an attacker without
detection.
DXC Technology Company -- This message is transmitted to you by or on
behalf of DXC Technology Company or one of its affiliates. It is
intended exclusively for the addressee. The substance of this message,
along with any attachments, may contain proprietary, confidential or
privileged information or information that is otherwise legally exempt
from disclosure. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient of
this message, you are not authorized to read, print, retain, copy or
disseminate any part of this message. If you have received this
message in error, please destroy and delete all copies and notify the
sender by return e-mail. Regardless of content, this e-mail shall not
operate to bind DXC Technology Company or any of its affiliates to any
order or other contract unless pursuant to explicit written agreement
or government initiative expressly permitting the use of e-mail for
such purpose.
