Re: [users@httpd] CVE-2023-38709: Apache HTTP Server: HTTP response splitting

2024-04-04 Thread Otis Dewitt - NOAA Affiliate
https://nvd.nist.gov/vuln/detail/CVE-2023-38909 MEDIUM

RE: [users@httpd] CVE-2023-38709: Apache HTTP Server: HTTP response splitting

2024-04-04 Thread Mcalexander, Jon J.
Is there a severity level for this one?

[users@httpd] CVE-2024-24795: Apache HTTP Server: HTTP Response Splitting in multiple modules

2024-04-04 Thread Eric Covener
Severity: low
Affected versions:
- Apache HTTP Server 2.4.0 through 2.4.58
Description: HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users

[users@httpd] CVE-2023-38709: Apache HTTP Server: HTTP response splitting

2024-04-04 Thread Eric Covener
Affected versions:
- Apache HTTP Server through 2.4.58
Description: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
Credit: Orange Tsai (@orange_8361) fr

[users@httpd] CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames

2024-04-04 Thread Eric Covener
Severity: moderate
Affected versions:
- Apache HTTP Server 2.4.17 through 2.4.58
Description: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memor