Out-of-bounds Read vulnerability in mod_macro of Apache HTTP ServerThis issue affects Apache HTTP Server: through 2457 (CVE-2023-31122)
A flaw was found in httpd This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely in the Apache HTTP Server This vulnerabil ...
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP ServerThis issue affects Apache HTTP Server: through 2457 (CVE-2023-31122)
A flaw was found in httpd This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely in the Apache HTTP Server This vulnerabil ...
HTTP/2 vulnerabilities
This operator uses the latest version of docker image with Apache HTTPD server v2458 on date 2/12/2023
That version contains fixes for CVE-2023-45802, CVE-2023-43622 and CVE-2023-31122
About Apacheweb operator
Apacheweb operator is powered by Apache HTTP server
Apacheweb operator provides basic features of Apache HTTP server - web server and load balan
rapport pentest d'un site web de gestion de secrets
Auteur
Année
Kalidou - @aethelwulf - kalidoume
2024
Pentest - Sécurité Applicative
Rapport d'audit pentest
Présenté par : Kalidou DIA
Plan
Introduction
I Énumération
II Détection de vulnérabilités
III Exploitation des vulnérabilités
Introduction
C
Denial of Service (DoS)
Medium Article Demonstration
Description
Thisproject serves as a Proof of Concept (POC) for exploiting a Denial of Service (DoS) vulnerability, CVE-2023–43622, in Apache HTTP Server versions prior to 2458 Utilizing a Python script, the project demonstrates how manipulating the window size in HTTP/2 connections can lead to server resource exhaust
Vulmon