Lucene search

K
altlinuxHttps://packages.altlinux.org/en/sisyphus/security/37F636FDE57C22CC6D0F7C7B9E8B7594
HistoryMar 31, 2018 - 12:00 a.m.

Security fix for the ALT Linux 9 package apache2 version 1:2.4.33-alt1

2018-03-3100:00:00
https://packages.altlinux.org/en/sisyphus/security/
packages.altlinux.org
10

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.962 High

EPSS

Percentile

99.5%

March 31, 2018 Anton Farygin 1:2.4.33-alt1

- 2.4.33
- fixes:
	* CVE-2018-1303 low: Possible out of bound read in mod_cache_socache
	* CVE-2018-1302 low: Possible write of after free on HTTP/2 stream shutdown
	* CVE-2018-1301 low: Possible out of bound access after failure in reading the HTTP request 
	* CVE-2018-1312 low: Weak Digest auth nonce generation in mod_auth_digest
	* CVE-2017-15715 low: &LTFilesMatch> bypass with a trailing newline in the file name
	* CVE-2017-15710 low: Out of bound write in mod_authnz_ldap when using too small Accept-Language values
	* CVE-2018-1283 medium: Tampering of mod_session data for CGI applications

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.962 High

EPSS

Percentile

99.5%