Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

akka-http vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2021-23339
This affects all versions of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers....
Lightbend Akka-http -
NA
CVE-2020-28452
This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed...
Softwaremill Akka-http-session
445
VMScore
CVE-2017-1000118
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...
Akka Http Server
694
VMScore
CVE-2018-16131
The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb....
Lightbend Akka Http
NA
CVE-2020-7780
This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by...
Softwaremill Akka-http-session
828
VMScore
CVE-2017-1000034
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem....
Akka AkkaAkka Akka 2.5
570
VMScore
CVE-2018-16115
Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical...
Lightbend Akka
605
VMScore
CVE-2010-0010
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size...
Apache Http Server 0.8.11Apache Http Server 0.8.14Apache Http Server 1.0Apache Http Server 1.0.3Apache Http Server 1.0.5Apache Http Server 1.1Apache Http Server 1.2Apache Http Server 1.2.4Apache Http Server 1.2.5Apache Http Server 1.2.6Apache Http Server 1.3Apache Http Server 1.3.0Apache Http Server 1.3.1Apache Http Server 1.3.2Apache Http Server 1.3.3Apache Http Server 1.3.4Apache Http Server 1.3.10Apache Http Server 1.3.11Apache Http Server 1.3.12Apache Http Server 1.3.13Apache Http Server 1.3.14Apache Http Server 1.3.15Apache Http Server 1.3.17Apache Http Server 1.3.18Apache Http Server 1.3.19Apache Http Server 1.3.20Apache Http Server 1.3.22Apache Http Server 1.3.23Apache Http Server 1.3.24Apache Http Server 1.3.25Apache Http Server 1.3.26Apache Http Server 1.3.27Apache Http Server 1.3.28Apache Http Server 1.3.29Apache Http Server 1.3.30Apache Http Server 1.3.31Apache Http Server 1.3.32Apache Http Server 1.3.33Apache Http Server 1.3.34Apache Http Server 1.3.35Apache Http Server 1.3.36Apache Http Server 1.3.37Apache Http Server 1.3.38Apache Http Server 1.3.39Apache Http Server 1.3.40Apache Http Server
383
VMScore
CVE-2016-4975
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache...
Apache Http Server 2.2.0Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.10Apache Http Server 2.2.11Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.14Apache Http Server 2.2.15Apache Http Server 2.2.16Apache Http Server 2.2.17Apache Http Server 2.2.18Apache Http Server 2.2.19Apache Http Server 2.2.20Apache Http Server 2.2.21Apache Http Server 2.2.22Apache Http Server 2.2.23Apache Http Server 2.2.24Apache Http Server 2.2.25Apache Http Server 2.2.26Apache Http Server 2.2.27Apache Http Server 2.2.29Apache Http Server 2.2.31Apache Http Server 2.4.1Apache Http Server 2.4.2Apache Http Server 2.4.3Apache Http Server 2.4.4Apache Http Server 2.4.6Apache Http Server 2.4.7Apache Http Server 2.4.9Apache Http Server 2.4.10Apache Http Server 2.4.12Apache Http Server 2.4.16Apache Http Server 2.4.17Apache Http Server 2.4.18Apache Http Server 2.4.20Apache Http Server 2.4.23
445
VMScore
CVE-2004-0263
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information....
Apache Http Server 1.0Apache Http Server 1.0.2Apache Http Server 1.0.3Apache Http Server 1.0.5Apache Http Server 1.1Apache Http Server 1.1.1Apache Http Server 1.2Apache Http Server 1.2.5Apache Http Server 1.3Apache Http Server 1.3.1Apache Http Server 1.3.3Apache Http Server 1.3.4Apache Http Server 1.3.6Apache Http Server 1.3.7Apache Http Server 1.3.9Apache Http Server 1.3.11Apache Http Server 1.3.12Apache Http Server 1.3.14Apache Http Server 1.3.17Apache Http Server 1.3.18Apache Http Server 1.3.19Apache Http Server 1.3.20Apache Http Server 1.3.22Apache Http Server 1.3.23Apache Http Server 1.3.24Apache Http Server 1.3.25Apache Http Server 1.3.26Apache Http Server 1.3.27Apache Http Server 1.3.28Apache Http Server 1.3.29Apache Http Server 2.0Apache Http Server 2.0.9Apache Http Server 2.0.28Apache Http Server 2.0.32Apache Http Server 2.0.35Apache Http Server 2.0.36Apache Http Server 2.0.37Apache Http Server 2.0.38Apache Http Server 2.0.39Apache Http Server 2.0.40Apache Http Server 2.0.41Apache Http Server 2.0.42Apache Http Server 2.0.43Apache Http Server 2.0.44Apache Http Server 2.0.45Apache Http Server 2.0.46Apache Http Server 2.0.47Apache Http Server 2.0.48Ibm Http Server 1.3.19
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-22183CVE-2021-25252CVE-2021-21972CVE-2021-26858information disclosureCVE-2021-22182gitlabCVE-2020-29047privilegetemplate injection