Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!
Sie können durch Schliessen dieses Fensters natürlich mit AdBlocker weitermachen - wenn Sie mit dieser Schuld leben können .... es liegt an Ihnen - AdBlocker abschalten und ruhig schlafen können oder mit AdBlocker weitermachen und von übelsten Albträumen gequält werden!
Wir haben Sie gewarnt ....
Search - Review
plg_search_jdownloads
Search - K2
Suche - Kategorien
Suche - Kontakte
Suche - Inhalt
Suche - Newsfeeds
Suche - Schlagwörter
Server Security (2)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
-
CVE-2023-25690
Latest security vulnerabilities Apache Http Server Mar 7, 2023 | 16:15 pmSome mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of[…]
Read more... -
CVE-2023-27522
Latest security vulnerabilities Apache Http Server Mar 7, 2023 | 16:15 pmHTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.Special characters in the origin response header can truncate/split the response forwarded to the client. (CVSS:7.5) (Last Update:2023-09-08 22:15:11)
Read more... -
CVE-2022-36760
Latest security vulnerabilities Apache Http Server Jan 17, 2023 | 20:15 pmInconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54[…]
Read more... -
CVE-2022-37436
Latest security vulnerabilities Apache Http Server Jan 17, 2023 | 20:15 pmPrior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be[…]
Read more... -
CVE-2022-28614
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 17:15 pmThe ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed[…]
Read more... -
CVE-2022-28615
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 17:15 pmApache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a[…]
Read more... -
CVE-2022-29404
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 17:15 pmIn Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVSS:7.5) (Last Update:2022-08-24 18:17:18)
Read more... -
CVE-2022-30522
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 17:15 pmIf Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. (CVSS:7.5) (Last Update:2022-09-07 17:35:03)
Read more... -
CVE-2022-30556
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 17:15 pmApache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. (CVSS:7.5) (Last Update:2023-07-21 16:56:19)
Read more... -
CVE-2022-31813
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 17:15 pmApache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVSS:9.8) (Last Update:2022-08-19[…]
Read more...
Published in: Server Security
-
CVE-2020-19692
Latest security vulnerabilities Nginx products Apr 4, 2023 | 15:15 pmBuffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file. (CVSS:9.8) (Last Update:2023-04-10 18:50:28)
Read more... -
CVE-2020-19695
Latest security vulnerabilities Nginx products Apr 4, 2023 | 15:15 pmBuffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. (CVSS:9.8) (Last Update:2023-04-10 19:16:56)
Read more... -
CVE-2022-35173
Latest security vulnerabilities Nginx products Aug 18, 2022 | 06:15 amAn issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. (CVSS:7.5) (Last Update:2022-08-24 16:02:55)
Read more... -
CVE-2022-29779
Latest security vulnerabilities Nginx products Jun 2, 2022 | 14:15 pmNginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. (CVSS:5.5) (Last Update:2022-06-09 21:00:51)
Read more... -
CVE-2022-29780
Latest security vulnerabilities Nginx products Jun 2, 2022 | 14:15 pmNginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. (CVSS:5.5) (Last Update:2022-06-09 21:00:23)
Read more... -
CVE-2022-30503
Latest security vulnerabilities Nginx products Jun 2, 2022 | 14:15 pmNginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. (CVSS:5.5) (Last Update:2022-06-10 18:56:14)
Read more... -
CVE-2021-46461
Latest security vulnerabilities Nginx products Feb 14, 2022 | 22:15 pmnjs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. (CVSS:9.8) (Last Update:2022-05-11 14:40:41)
Read more... -
CVE-2019-7401
Latest security vulnerabilities Nginx products Feb 8, 2019 | 03:29 amNGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.[…]
Read more... -
CVE-2009-3896
Latest security vulnerabilities Nginx products Nov 24, 2009 | 17:30 pmsrc/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a[…]
Read more... -
CVE-2009-3898
Latest security vulnerabilities Nginx products Nov 24, 2009 | 17:30 pmDirectory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1)[…]
Read more...
Published in: Server Security