what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files

Apache mod_proxy_cluster Cross Site Scripting
Posted May 14, 2024
Authored by Mohamed Mounir Boudjema

Apache mod_proxy_cluster suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-6710
SHA-256 | fadf8a3fa5550a659387386713c6d034a845c647a4595a8ba20fbad136400e1f

Related Files

Ubuntu Security Notice USN-5090-4
Posted Sep 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5090-4 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438
SHA-256 | 97566fcdf572aabba3700b134cb12c430056ecb69fad0c05e485f33bb178308a
Ubuntu Security Notice USN-5090-3
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5090-3 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438
SHA-256 | b581416306f3dd476e571d54877a550435c22900a370f6c91efbf9d6ff8a914f
Ubuntu Security Notice USN-4994-1
Posted Jun 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4994-1 - Marc Stern discovered that the Apache mod_proxy_http module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641
SHA-256 | a72dd26c36ff7d43b1a3ccbd95cb1d69d70e997aaac6217677f1cd3536ba61f6
Ubuntu Security Notice USN-4458-1
Posted Aug 13, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4458-1 - Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-11984, CVE-2020-11993, CVE-2020-1927, CVE-2020-1934, CVE-2020-9490
SHA-256 | 4c21378f5547785a91c122ca0a869ace7a197113022d389224aa2b182dc0d3a3
Apache mod_proxy Reverse Proxy Exposure
Posted Oct 6, 2011
Site apache.org

The Apache mod_proxy module suffers from a reverse proxy exposure vulnerability.

tags | advisory
advisories | CVE-2011-3368
SHA-256 | 99c1b40cb499bb7230f6dcb7690b190f0ac5434e9e581f118b4b1969c1691dbb
Secunia Security Advisory 36675
Posted Sep 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Apache mod_proxy_ftp module, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 5dbd42ddb9955747a0ee2c1410adcca9e9f70ddb11a3e0436c024489d11a7b6b
Secunia Security Advisory 36549
Posted Sep 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Apache mod_proxy_ftp module, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | d68b98d62d1d8324f3053ee1f2b36486f134d442ee76fdf3d1ad4616f1fa6af0
Debian Linux Security Advisory 1834-2
Posted Jul 30, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1834-2 - The previous update caused a regression for apache2 in Debian 4.0 "etch". Using mod_deflate together with mod_php could cause segfaults when a client aborts a connection. This update corrects this flaw. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 "etch". A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A similar flaw related to HEAD requests for compressed content was also fixed.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2009-1890, CVE-2009-1891
SHA-256 | 2bb04b990a52bd709d6c38bea3fd00f71adef9c7a03e217b9679cec6bd703f6d
Debian Linux Security Advisory 1834-1
Posted Jul 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1834 - A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 "etch".

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2009-1890, CVE-2009-1891
SHA-256 | 394bd714165a039d9f2115b6f7eefc7d36507ac113647e9ee3d8eace6c4beaf8
Secunia Security Advisory 35691
Posted Jul 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Apache mod_proxy module, which can be exploited by malicious people to potentially cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | bf73d62d77ed2a0f3515e2dfd8fc47f7e0474c9a3825a1d609383ce5426db118
Secunia Security Advisory 30621
Posted Jun 12, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Apache mod_proxy module, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 4beca1dc148356c9c9cd04be28a92ed703ae443985dfc04718163f4dbb54d342
Mandriva Linux Security Advisory 2007.235
Posted Dec 4, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in the Apache mod_proxy module was found that could potentially lead to a denial of service is using a threaded Multi-Processing Module. On sites where a reverse proxy is configured, a remote attacker could send a special reequest that would cause the Apache child process handling the request to crash. Likewise, a similar crash could occur on sites with a forward proxy configured if a user could be persuaded to visit a malicious site using the proxy. A flaw in the Apache mod_autoindex module was found. On sites where directory listings are used and the AddDefaultCharset directive was removed from the configuration, a cross-site-scripting attack could be possible against browsers that to not correctly derive the response character set according to the rules in RGC 2616.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2007-3847, CVE-2007-4465
SHA-256 | a286f0e12d6b1be5948457a239b88839ccd7dd6c3da4cc348c762f897cc7efab
Secunia Security Advisory 26636
Posted Aug 31, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Apache mod_proxy module, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | a69a4ddb989893d1dd1a11b6d78c4d7444efa99d6ffdca21d4d6beef86c1e713
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close