CVE-2022-26377<https://www.shodan.io/search?query=vuln%3ACVE-2022-26377>
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to
smuggle requests to the AJP server it forwards requests to. This issue affects
Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
CVE-2017-7679<https://www.shodan.io/search?query=vuln%3ACVE-2017-7679>
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read
one byte past the end of a buffer when sending a malicious Content-Type
response header.
CVE-2022-0778<https://www.shodan.io/search?query=vuln%3ACVE-2022-0778>
The BN_mod_sqrt() function, which computes a modular square root, contains a
bug that can cause it to loop forever for non-prime moduli. Internally this
function is used when parsing certificates that contain elliptic curve public
keys in compressed form or explicit elliptic curve parameters with a base point
encoded in compressed form. It is possible to trigger the infinite loop by
crafting a certificate that has invalid explicit curve parameters. Since
certificate parsing happens prior to verification of the certificate signature,
any process that parses an externally supplied certificate may thus be subject
to a denial of service attack. The infinite loop can also be reached when
parsing crafted private keys as they can contain explicit elliptic curve
parameters. Thus vulnerable situations include: - TLS clients consuming server
certificates - TLS servers consuming client certificates - Hosting providers
taking certificates or private keys from customers - Certificate authorities
parsing certification requests from subscribers - Anything else which parses
ASN.1 elliptic curve parameters Also any other applications that use the
BN_mod_sqrt() where the attacker can control the parameter values are
vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is
not parsed during initial parsing of the certificate which makes it slightly
harder to trigger the infinite loop. However any operation which requires the
public key from the certificate will trigger the infinite loop. In particular
the attacker can use a self-signed certificate to trigger the loop during
verification of the certificate signature. This issue affects OpenSSL versions
1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on
the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in
OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected
1.0.2-1.0.2zc).
CVE-2020-1934<https://www.shodan.io/search?query=vuln%3ACVE-2020-1934>
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized
memory when proxying to a malicious FTP server.
CVE-2018-17189<https://www.shodan.io/search?query=vuln%3ACVE-2018-17189>
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a
slow loris way to plain resources, the h2 stream for that request unnecessarily
occupied a server thread cleaning up that incoming data. This affects only
HTTP/2 (mod_http2) connections.
CVE-2017-9798<https://www.shodan.io/search?query=vuln%3ACVE-2017-9798>
Apache httpd allows remote attackers to read secret data from process memory if
the Limit directive can be set in a user's .htaccess file, or if httpd.conf has
certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP
Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an
unauthenticated OPTIONS HTTP request when attempting to read secret data. This
is a use-after-free issue and thus secret data is not always sent, and the
specific data depends on many factors including configuration. Exploitation
with .htaccess can be blocked with a patch to the ap_limit_section function in
server/core.c.
CVE-2019-10082<https://www.shodan.io/search?query=vuln%3ACVE-2019-10082>
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2
session handling could be made to read memory after being freed, during
connection shutdown.
CVE-2022-29404<https://www.shodan.io/search?query=vuln%3ACVE-2022-29404>
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script
that calls r:parsebody(0) may cause a denial of service due to no default limit
on possible input size.
CVE-2020-1971<https://www.shodan.io/search?query=vuln%3ACVE-2020-1971>
The X.509 GeneralName type is a generic type for representing different types of names.
One of those name types is known as EDIPartyName. OpenSSL provides a function
GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are
equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an
EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible
denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two
purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL
distribution point embedded in an X509 certificate 2) When verifying that a timestamp
response token signer matches the timestamp authority name (exposed via the API functions
TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items
being compared then that attacker could trigger a crash. For example if the attacker can
trick a client or server into checking a malicious certificate against a malicious CRL
then this may occur. Note that some applications automatically download CRLs based on a
URL embedded in a certificate. This checking happens prior to the signatures on the
certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have
support for the "-crl_download" option which implements automatic CRL
downloading and this attack has been demonstrated to work against those tools. Note that
an unrelated bug means that affected versions of OpenSSL cannot parse or construct
correct encodings of EDIPARTYNAME. However it is possible to construct a malformed
EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL
1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of
support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed
in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
CVE-2018-1333<https://www.shodan.io/search?query=vuln%3ACVE-2018-1333>
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds
longer than necessary, leading to worker exhaustion and a denial of service.
Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
CVE-2019-0211<https://www.shodan.io/search?query=vuln%3ACVE-2019-0211>
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or
prefork, code executing in less-privileged child processes or threads
(including scripts executed by an in-process scripting interpreter) could
execute arbitrary code with the privileges of the parent process (usually root)
by manipulating the scoreboard. Non-Unix systems are not affected.
CVE-2018-5407<https://www.shodan.io/search?query=vuln%3ACVE-2018-5407>
Simultaneous Multi-threading (SMT) in processors can enable local users to
exploit software vulnerable to timing attacks via a side-channel timing attack
on 'port contention'.
CVE-2018-11763<https://www.shodan.io/search?query=vuln%3ACVE-2018-11763>
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS
frames a client can occupy a connection, server thread and CPU time without any
connection timeout coming to effect. This affects only HTTP/2 connections. A
possible mitigation is to not enable the h2 protocol.
CVE-2022-28330<https://www.shodan.io/search?query=vuln%3ACVE-2022-28330>
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when
configured to process requests with the mod_isapi module.
CVE-2020-11993<https://www.shodan.io/search?query=vuln%3ACVE-2020-11993>
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2
module and on certain traffic edge patterns, logging statements were made on the wrong
connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2
above "info" will mitigate this vulnerability for unpatched servers.
CVE-2019-10092<https://www.shodan.io/search?query=vuln%3ACVE-2019-10092>
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was
reported affecting the mod_proxy error page. An attacker could cause the link
on the error page to be malformed and instead point to a page of their choice.
This would only be exploitable where a server was set up with proxying enabled
but was misconfigured in such a way that the Proxy Error page was displayed.
CVE-2017-3736<https://www.shodan.io/search?query=vuln%3ACVE-2017-3736>
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in
OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this defect
would be very difficult to perform and are not believed likely. Attacks against
DH are considered just feasible (although very difficult) because most of the
work necessary to deduce information about a private key may be performed
offline. The amount of resources required for such an attack would be very
significant and likely only accessible to a limited number of attackers. An
attacker would additionally need online access to an unpatched system using the
target private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. This only affects processors that
support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation)
and later or AMD Ryzen.
CVE-2017-3737<https://www.shodan.io/search?query=vuln%3ACVE-2017-3737>
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL
would move into the error state and would immediately fail if you attempted to continue
the handshake. This works as designed for the explicit handshake functions
(SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not
work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the
handshake fails then a fatal error will be returned in the initial function call. If
SSL_read()/SSL_write() is subsequently called by the application for the same SSL object
then it will succeed and the data is passed without being decrypted/encrypted directly
from the SSL/TLS record layer. In order to exploit this issue an application bug would
have to be present that resulted in a call to SSL_read()/SSL_write() being issued after
having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed
in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.
CVE-2019-1547<https://www.shodan.io/search?query=vuln%3ACVE-2019-1547>
Normally in OpenSSL EC groups always have a co-factor present and this is used
in side channel resistant code paths. However, in some cases, it is possible to
construct a group using explicit parameters (instead of using a named curve).
In those cases it is possible that such a group does not have the cofactor
present. This can occur even where all the parameters match a known named
curve. If such a curve is used then OpenSSL falls back to non-side channel
resistant code paths which may result in full key recovery during an ECDSA
signature operation. In order to be vulnerable an attacker would have to have
the ability to time the creation of a large number of signatures where explicit
parameters with no co-factor present are in use by an application using
libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit
parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t
(Affected 1.0.2-1.0.2s).
CVE-2017-3735<https://www.shodan.io/search?query=vuln%3ACVE-2017-3735>
While parsing an IPAddressFamily extension in an X.509 certificate, it is
possible to do a one-byte overread. This would result in an incorrect text
display of the certificate. This bug has been present since 2006 and is present
in all versions of OpenSSL before 1.0.2m and 1.1.0g.
CVE-2022-1292<https://www.shodan.io/search?query=vuln%3ACVE-2022-1292>
The c_rehash script does not properly sanitise shell metacharacters to prevent
command injection. This script is distributed by some operating systems in a
manner where it is automatically executed. On such operating systems, an
attacker could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced by the
OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected
3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in
OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
CVE-2017-3738<https://www.shodan.io/search?query=vuln%3ACVE-2017-3738>
There is an overflow bug in the AVX2 Montgomery multiplication procedure used
in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis
suggests that attacks against RSA and DSA as a result of this defect would be
very difficult to perform and are not believed likely. Attacks against DH1024
are considered just feasible, because most of the work necessary to deduce
information about a private key may be performed offline. The amount of
resources required for such an attack would be significant. However, for an
attack on TLS to be meaningful, the server would have to share the DH1024
private key among multiple clients, which is no longer an option since
CVE-2016-0701. This only affects processors that support the AVX2 but not ADX
extensions like Intel Haswell (4th generation). Note: The impact from this
issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL
version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n.
Due to the low severity of this issue we are not issuing a new release of
OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it
becomes available. The fix is also available in commit e502cc86d in the OpenSSL
git repository.
CVE-2019-0196<https://www.shodan.io/search?query=vuln%3ACVE-2019-0196>
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed
network input, the http/2 request handling could be made to access freed memory
in string comparison when determining the method of a request and thus process
the request incorrectly.
CVE-2019-0197<https://www.shodan.io/search?query=vuln%3ACVE-2019-0197>
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled
for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request
from http/1.1 to http/2 that was not the first request on a connection could lead to a
misconfiguration and crash. Server that never enabled the h2 protocol or that only
enabled it for https: and did not set "H2Upgrade on" are unaffected by this
issue.
CVE-2022-22721<https://www.shodan.io/search?query=vuln%3ACVE-2022-22721>
If LimitXMLRequestBody is set to allow request bodies larger than 350MB
(defaults to 1M) on 32 bit systems an integer overflow happens which later
causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and
earlier.
CVE-2022-22720<https://www.shodan.io/search?query=vuln%3ACVE-2022-22720>
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when
errors are encountered discarding the request body, exposing the server to HTTP
Request Smuggling
CVE-2017-15710<https://www.shodan.io/search?query=vuln%3ACVE-2017-15710>
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29,
mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the
Accept-Language header value to lookup the right charset encoding when
verifying the user's credentials. If the header value is not present in the
charset conversion table, a fallback mechanism is used to truncate it to a two
characters value to allow a quick retry (for example, 'en-US' is truncated to
'en'). A header value of less than two characters forces an out of bound write
of one NUL byte to a memory location that is not part of the string. In the
worst case, quite unlikely, the process would crash which could be used as a
Denial of Service attack. In the more likely case, this memory is already
reserved for future use and the issue has no effect at all.
CVE-2022-2068<https://www.shodan.io/search?query=vuln%3ACVE-2022-2068>
In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were found
by code review. When the CVE-2022-1292 was fixed it was not discovered that
there are other places in the script where the file names of certificates being
hashed were possibly passed to a command executed through the shell. This
script is distributed by some operating systems in a manner where it is
automatically executed. On such operating systems, an attacker could execute
arbitrary commands with the privileges of the script. Use of the c_rehash
script is considered obsolete and should be replaced by the OpenSSL rehash
command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3).
Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf
(Affected 1.0.2-1.0.2ze).
CVE-2021-3712<https://www.shodan.io/search?query=vuln%3ACVE-2021-3712>
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the
string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a
buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings
that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any
string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in
the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures
which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the
ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print
ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not
guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be
printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application
without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur
during name constraints processing of certificates (for example if a certificate has been directly constructed by the
application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated
ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp()
functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it
through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a
Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or
sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
CVE-2019-17567<https://www.shodan.io/search?query=vuln%3ACVE-2019-17567>
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an
URL that is not necessarily Upgraded by the origin server was tunneling the
whole connection regardless, thus allowing for subsequent requests on the same
connection to pass through with no HTTP validation, authentication or
authorization possibly configured.
CVE-2017-15715<https://www.shodan.io/search?query=vuln%3ACVE-2017-15715>
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could
match '$' to a newline character in a malicious filename, rather than matching only
the end of the filename. This could be exploited in environments where uploads of
some files are are externally blocked, but only by matching the trailing portion of
the filename.
CVE-2022-31813<https://www.shodan.io/search?query=vuln%3ACVE-2022-31813>
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to
the origin server based on client side Connection header hop-by-hop mechanism.
This may be used to bypass IP based authentication on the origin
server/application.
CVE-2017-7668<https://www.shodan.io/search?query=vuln%3ACVE-2017-7668>
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24
introduced a bug in token list parsing, which allows ap_find_token() to search
past the end of its input string. By maliciously crafting a sequence of request
headers, an attacker may be able to cause a segmentation fault, or to force
ap_find_token() to return an incorrect value.
CVE-2019-10098<https://www.shodan.io/search?query=vuln%3ACVE-2019-10098>
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite
that were intended to be self-referential might be fooled by encoded newlines
and redirect instead to an unexpected URL within the request URL.
CVE-2021-23840<https://www.shodan.io/search?query=vuln%3ACVE-2021-23840>
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow
the output length argument in some cases where the input length is close to the
maximum permissable length for an integer on the platform. In such cases the
return value from the function call will be 1 (indicating success), but the
output length value will be negative. This could cause applications to behave
incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this
issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL
versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is
out of support and no longer receiving public updates. Premium support
customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade
to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL
1.0.2y (Affected 1.0.2-1.0.2x).
CVE-2021-40438<https://www.shodan.io/search?query=vuln%3ACVE-2021-40438>
A crafted request uri-path can cause mod_proxy to forward the request to an
origin server choosen by the remote user. This issue affects Apache HTTP Server
2.4.48 and earlier.
CVE-2018-0737<https://www.shodan.io/search?query=vuln%3ACVE-2018-0737>
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a
cache timing side channel attack. An attacker with sufficient access to mount
cache timing attacks during the RSA key generation process could recover the
private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in
OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
CVE-2018-0734<https://www.shodan.io/search?query=vuln%3ACVE-2018-0734>
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing
side channel attack. An attacker could use variations in the signing algorithm
to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in
OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected
1.0.2-1.0.2p).
CVE-2018-0732<https://www.shodan.io/search?query=vuln%3ACVE-2018-0732>
During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a key
for this prime resulting in a hang until the client has finished. This could be
exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected
1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
CVE-2022-23943<https://www.shodan.io/search?query=vuln%3ACVE-2022-23943>
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an
attacker to overwrite heap memory with possibly attacker provided data. This
issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
CVE-2020-1927<https://www.shodan.io/search?query=vuln%3ACVE-2020-1927>
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite
that were intended to be self-referential might be fooled by encoded newlines
and redirect instead to an an unexpected URL within the request URL.
CVE-2017-7659<https://www.shodan.io/search?query=vuln%3ACVE-2017-7659>
A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP
Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server
process.
CVE-2018-17199<https://www.shodan.io/search?query=vuln%3ACVE-2018-17199>
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the
session expiry time before decoding the session. This causes session expiry
time to be ignored for mod_session_cookie sessions since the expiry time is
loaded when the session is decoded.
CVE-2021-23841<https://www.shodan.io/search?query=vuln%3ACVE-2021-23841>
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to
create a unique hash value based on the issuer and serial number data contained
within an X509 certificate. However it fails to correctly handle any errors
that may occur while parsing the issuer field (which might occur if the issuer
field is maliciously constructed). This may subsequently result in a NULL
pointer deref and a crash leading to a potential denial of service attack. The
function X509_issuer_and_serial_hash() is never directly called by OpenSSL
itself so applications are only vulnerable if they use this function directly
and they use it on certificates that may have been obtained from untrusted
sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of
these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and
below are affected by this issue. However OpenSSL 1.0.2 is out of support and
no longer receiving public updates. Premium support customers of OpenSSL 1.0.2
should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in
OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected
1.0.2-1.0.2x).
CVE-2022-30522<https://www.shodan.io/search?query=vuln%3ACVE-2022-30522>
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed
in contexts where the input to mod_sed may be very large, mod_sed may make
excessively large memory allocations and trigger an abort.
CVE-2017-9788<https://www.shodan.io/search?query=vuln%3ACVE-2017-9788>
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in
[Proxy-]Authorization headers of type 'Digest' was not initialized or reset
before or between successive key=value assignments by mod_auth_digest.
Providing an initial key with no '=' assignment could reflect the stale value
of uninitialized pool memory used by the prior request, leading to leakage of
potentially confidential information, and a segfault in other cases resulting
in denial of service.
CVE-2018-0739<https://www.shodan.io/search?query=vuln%3ACVE-2018-0739>
Constructed ASN.1 types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with excessive
recursion. This could result in a Denial Of Service attack. There are no such
structures used within SSL/TLS that come from untrusted sources so this is
considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in
OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
CVE-2018-1301<https://www.shodan.io/search?query=vuln%3ACVE-2018-1301>
A specially crafted request could have crashed the Apache HTTP Server prior to
version 2.4.30, due to an out of bound access after a size limit is reached by
reading the HTTP header. This vulnerability is considered very hard if not
impossible to trigger in non-debug mode (both log and build level), so it is
classified as low risk for common server usage.
CVE-2018-1302<https://www.shodan.io/search?query=vuln%3ACVE-2018-1302>
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server
prior to version 2.4.30 could have written a NULL pointer potentially to an
already freed memory. The memory pools maintained by the server make this
vulnerability hard to trigger in usual configurations, the reporter and the
team could not reproduce it outside debug builds, so it is classified as low
risk.
CVE-2018-1303<https://www.shodan.io/search?query=vuln%3ACVE-2018-1303>
A specially crafted HTTP request header could have crashed the Apache HTTP
Server prior to version 2.4.30 due to an out of bound read while preparing data
to be cached in shared memory. It could be used as a Denial of Service attack
against users of mod_cache_socache. The vulnerability is considered as low risk
since mod_cache_socache is not widely used, mod_cache_disk is not concerned by
this vulnerability.
CVE-2017-3167<https://www.shodan.io/search?query=vuln%3ACVE-2017-3167>
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the
ap_get_basic_auth_pw() by third-party modules outside of the authentication
phase may lead to authentication requirements being bypassed.
CVE-2021-34798<https://www.shodan.io/search?query=vuln%3ACVE-2021-34798>
Malformed requests may cause the server to dereference a NULL pointer. This
issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2019-1551<https://www.shodan.io/search?query=vuln%3ACVE-2019-1551>
There is an overflow bug in the x64_64 Montgomery squaring procedure used in
exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as
a result of this defect would be very difficult to perform and are not believed
likely. Attacks against DH512 are considered just feasible. However, for an
attack the target would have to re-use the DH512 private key, which is not
recommended anyway. Also applications directly using the low level API
BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL
1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).
CVE-2017-3169<https://www.shodan.io/search?query=vuln%3ACVE-2017-3169>
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may
dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
CVE-2020-9490<https://www.shodan.io/search?query=vuln%3ACVE-2020-9490>
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the
'Cache-Digest' header in a HTTP/2 request would result in a crash when the server
actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via
"H2Push off" will mitigate this vulnerability for unpatched servers.
CVE-2022-22719<https://www.shodan.io/search?query=vuln%3ACVE-2022-22719>
A carefully crafted request body can cause a read to a random memory area which
could cause the process to crash. This issue affects Apache HTTP Server 2.4.52
and earlier.
CVE-2019-1552<https://www.shodan.io/search?query=vuln%3ACVE-2019-1552>
OpenSSL has internal defaults for a directory tree where it can find a
configuration file as well as certificates used for verification in TLS. This
directory is most commonly referred to as OPENSSLDIR, and is configurable with
the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0
and 1.1.1, the mingw configuration targets assume that resulting programs and
libraries are installed in a Unix-like environment and the default prefix for
program installation as well as for OPENSSLDIR should be '/usr/local'. However,
mingw programs are Windows programs, and as such, find themselves looking at
sub-directories of 'C:/usr/local', which may be world writable, which enables
untrusted users to modify OpenSSL's default configuration, insert CA
certificates, modify (or even replace) existing engine modules, etc. For
OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix
and Windows targets, including Visual C builds. However, some build
instructions for the diverse Windows targets on 1.0.2 encourage you to specify
your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this
issue. Due to the limited scope of affected deployments this has been assessed
as low severity and therefore we are not creating new releases at this time.
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l
(Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
CVE-2021-44790<https://www.shodan.io/search?query=vuln%3ACVE-2021-44790>
A carefully crafted request body can cause a buffer overflow in the mod_lua
multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team
is not aware of an exploit for the vulnerabilty though it might be possible to
craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
CVE-2021-4160<https://www.shodan.io/search?query=vuln%3ACVE-2021-4160>
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure.
Many EC algorithms are affected, including some of the TLS 1.3 default curves.
Impact was not analyzed in detail, because the pre-requisites for attack are
considered unlikely and include reusing private keys. Analysis suggests that
attacks against RSA and DSA as a result of this defect would be very difficult
to perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to deduce
information about a private key may be performed offline. The amount of
resources required for such an attack would be significant. However, for an
attack on TLS to be meaningful, the server would have to share the DH private
key among multiple clients, which is no longer an option since CVE-2016-0701.
This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in
the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2
release it is addressed in git commit 6fc1aaaf3 that is available to premium
support customers only. It will be made available in 1.0.2zc when it is
released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL
3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed
in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).
CVE-2019-1559<https://www.shodan.io/search?query=vuln%3ACVE-2019-1559>
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice
(once to send a close_notify, and once to receive one) then OpenSSL can respond
differently to the calling application if a 0 byte record is received with invalid
padding compared to if a 0 byte record is received with an invalid MAC. If the
application then behaves differently based on that in a way that is detectable to the
remote peer, then this amounts to a padding oracle that could be used to decrypt data. In
order for this to be exploitable "non-stitched" ciphersuites must be in use.
Stitched ciphersuites are optimised implementations of certain commonly used
ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol
error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL
1.0.2r (Affected 1.0.2-1.0.2q).
CVE-2021-26690<https://www.shodan.io/search?query=vuln%3ACVE-2021-26690>
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header
handled by mod_session can cause a NULL pointer dereference and crash, leading
to a possible Denial Of Service
CVE-2021-26691<https://www.shodan.io/search?query=vuln%3ACVE-2021-26691>
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted
SessionHeader sent by an origin server could cause a heap overflow
CVE-2019-0220<https://www.shodan.io/search?query=vuln%3ACVE-2019-0220>
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path
component of a request URL contains multiple consecutive slashes ('/'),
directives such as LocationMatch and RewriteRule must account for duplicates in
regular expressions while other aspects of the servers processing will
implicitly collapse them.
CVE-2019-1563<https://www.shodan.io/search?query=vuln%3ACVE-2019-1563>
In situations where an attacker receives automated notification of the success
or failure of a decryption attempt an attacker, after sending a very large
number of messages to be decrypted, can recover a CMS/PKCS7 transported
encryption key or decrypt any RSA encrypted message that was encrypted with the
public RSA key, using a Bleichenbacher padding oracle attack. Applications are
not affected if they use a certificate together with the private RSA key to the
CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to
decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL
1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
CVE-2020-35452<https://www.shodan.io/search?query=vuln%3ACVE-2020-35452>
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce
can cause a stack overflow in mod_auth_digest. There is no report of this
overflow being exploitable, nor the Apache HTTP Server team could create one,
though some particular compiler and/or compilation option might make it
possible, with limited consequences anyway due to the size (a single byte) and
the value (zero byte) of the overflow
CVE-2020-13938<https://www.shodan.io/search?query=vuln%3ACVE-2020-13938>
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop
httpd on Windows
CVE-2019-10081<https://www.shodan.io/search?query=vuln%3ACVE-2019-10081>
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with
"H2PushResource", could lead to an overwrite of memory in the pushing request's
pool, leading to crashes. The memory copied is that of the configured push link header
values, not data supplied by the client.
CVE-2018-1283<https://www.shodan.io/search?query=vuln%3ACVE-2018-1283>
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI
applications (SessionEnv on, not the default), a remote user may influence their content by using a
"Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to
forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass
HTTP header fields, per CGI specifications.
CVE-2020-1968<https://www.shodan.io/search?query=vuln%3ACVE-2020-1968>
The Raccoon attack exploits a flaw in the TLS specification which can lead to
an attacker being able to compute the pre-master secret in connections which
have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would
result in the attacker being able to eavesdrop on all encrypted communications
sent over that TLS connection. The attack can only be exploited if an
implementation re-uses a DH secret across multiple TLS connections. Note that
this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue
affects OpenSSL 1.0.2 which is out of support and no longer receiving public
updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w
(Affected 1.0.2-1.0.2v).
CVE-2022-30556<https://www.shodan.io/search?query=vuln%3ACVE-2022-30556>
Apache HTTP Server 2.4.53 and earlier may return lengths to applications
calling r:wsread() that point past the end of the storage allocated for the
buffer.
CVE-2021-44224<https://www.shodan.io/search?query=vuln%3ACVE-2021-44224>
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on)
can cause a crash (NULL pointer dereference) or, for configurations mixing
forward and reverse proxy declarations, can allow for requests to be directed
to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This
issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
CVE-2019-0217<https://www.shodan.io/search?query=vuln%3ACVE-2019-0217>
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in
mod_auth_digest when running in a threaded server could allow a user with valid
credentials to authenticate using another username, bypassing configured access
control restrictions.
CVE-2021-39275<https://www.shodan.io/search?query=vuln%3ACVE-2021-39275>
ap_escape_quotes() may write beyond the end of a buffer when given malicious
input. No included modules pass untrusted data to these functions, but
third-party / external modules may. This issue affects Apache HTTP Server
2.4.48 and earlier.
CVE-2022-28615<https://www.shodan.io/search?query=vuln%3ACVE-2022-28615>
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to
a read beyond bounds in ap_strcmp_match() when provided with an extremely large
input buffer. While no code distributed with the server can be coerced into
such a call, third-party modules or lua scripts that use ap_strcmp_match() may
hypothetically be affected.
CVE-2022-28614<https://www.shodan.io/search?query=vuln%3ACVE-2022-28614>
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read
unintended memory if an attacker can cause the server to reflect very large
input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.
Modules compiled and distributed separately from Apache HTTP Server that use
the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string
must be compiled against current headers to resolve the issue.
CVE-2018-1312<https://www.shodan.io/search?query=vuln%3ACVE-2018-1312>
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication
challenge, the nonce sent to prevent reply attacks was not correctly generated
using a pseudo-random seed. In a cluster of servers using a common Digest
authentication configuration, HTTP requests could be replayed across servers by
an attacker without detection.
DXC Technology Company -- This message is transmitted to you by or on behalf of
DXC Technology Company or one of its affiliates. It is intended exclusively for
the addressee. The substance of this message, along with any attachments, may
contain proprietary, confidential or privileged information or information that
is otherwise legally exempt from disclosure. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended recipient
of this message, you are not authorized to read, print, retain, copy or
disseminate any part of this message. If you have received this message in
error, please destroy and delete all copies and notify the sender by return
e-mail. Regardless of content, this e-mail shall not operate to bind DXC
Technology Company or any of its affiliates to any order or other contract
unless pursuant to explicit written agreement or government initiative
expressly permitting the use of e-mail for such purpose.