-
Notifications
You must be signed in to change notification settings - Fork 0
/
cvedep.json
58 lines (58 loc) · 2.54 KB
/
cvedep.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
{
"vulnerabilities": [
{
"id": "CVE-2021-40438",
"description": "Server-Side Request Forgery (SSRF) vulnerability",
"known_exploited": true,
"dependencies": {
"features": ["mod_proxy"],
"conditions": ["reverse proxy mode"],
"configuration": [""],
"notes": [
"Requires enabling mod_proxy and setup for reverse proxy to be exploitable."
]
},
"resources": {
"nvd": "https://nvd.nist.gov/vuln/detail/cve-2021-40438",
"epss": "https://api.first.org/data/v1/epss?cve=CVE-2021-40438",
"official_advisory": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-40438",
"poc": "https://firzen.de/building-a-poc-for-cve-2021-40438",
"bugs": "https://bugzilla.redhat.com/show_bug.cgi?id=2005117",
"patches": "https://svn.apache.org/viewvc?view=revision&revision=1892814"
},
"metadata": {
"date_added": "2024-10-16",
"last_updated": "2024-10-16",
"contributor": "@nickpending"
}
},
{
"id": "CVE-2020-11984",
"description": "Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE",
"known_exploited": false,
"dependencies": {
"features": ["proxy_uwsgi", "mod_http2"],
"conditions": ["LimitRequestFieldSize"],
"configuration": ["The server must be configured to use mod_proxy_uwsgi to forward requests to a backend uWSGI server"],
"notes": [
"If UWSGI is explicitly configured in persistent mode (puwsgi), this can also be used to smuggle a second UWSGI request leading to remote code execution.",
"In its standard configuration UWSGI only supports a single request per connection, making request smuggling impossible",
"mod_http2 incorrectly enforced LimitRequestFieldSize before R1863276"
]
},
"resources": {
"nvd": "https://nvd.nist.gov/vuln/detail/CVE-2020-11984",
"epss": "https://api.first.org/data/v1/epss?cve=CVE-2021-11984",
"official_advisory": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11984",
"poc": "https://github.com/RubenBar/MLW-upcrans",
"bugs": "https://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html",
"patches": "https://svn.apache.org/viewvc?view=revision&revision=1880251"
},
"metadata": {
"date_added": "2024-10-16",
"last_updated": "2024-10-16",
"contributor": "@nickpending"
}
}
]
}