Oracle

Instantis Enterprisetrack

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-44790

Exploit
  • EPSS 87.09%
  • Veröffentlicht 20.12.2021 12:15:07
  • Zuletzt bearbeitet 01.05.2025 15:38:06

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This...

8.2

CVE-2021-44224

  • EPSS 10.7%
  • Veröffentlicht 20.12.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:30:37

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix D...

5.9

CVE-2021-45105

Warnung
  • EPSS 65.66%
  • Veröffentlicht 18.12.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:31:58

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service wh...

9.8

CVE-2021-42013

Warnung Exploit
  • EPSS 94.41%
  • Veröffentlicht 07.10.2021 16:15:09
  • Zuletzt bearbeitet 21.03.2025 21:02:08

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these dire...

7.5

CVE-2021-41773

Warnung Exploit
  • EPSS 94.38%
  • Veröffentlicht 05.10.2021 09:15:07
  • Zuletzt bearbeitet 21.03.2025 21:07:31

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directorie...

7.5

CVE-2021-41524

Warnung
  • EPSS 6.77%
  • Veröffentlicht 05.10.2021 09:15:07
  • Zuletzt bearbeitet 21.11.2024 06:26:20

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in versi...

9

CVE-2021-40438

Warnung
  • EPSS 94.43%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 16.05.2025 15:27:13

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

9.8

CVE-2021-39275

  • EPSS 46.97%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 01.05.2025 15:39:40

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5

CVE-2021-36160

  • EPSS 4.96%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 01.05.2025 15:40:05

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

7.5

CVE-2021-34798

  • EPSS 11.69%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:11:13

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.