Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
No PoCs from references.
- https://github.com/8ctorres/SIND-Practicas
- https://github.com/ARPSyndicate/cvemon
- https://github.com/EzeTauil/Maquina-Upload
- https://github.com/NeoOniX/5ATTACK
- https://github.com/Samaritin/OSINT
- https://github.com/Totes5706/TotesHTB
- https://github.com/bioly230/THM_Skynet
- https://github.com/firatesatoglu/shodanSearch
- https://github.com/kasem545/vulnsearch
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/pedr0alencar/vlab-metasploitable2