Lucene search

K
freebsdFreeBSDF38187E7-2F6E-11E8-8F07-B499BAEBFEAF
HistoryMar 23, 2018 - 12:00 a.m.

apache -- multiple vulnerabilities

2018-03-2300:00:00
vuxml.freebsd.org
55

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.962 High

EPSS

Percentile

99.5%

The Apache httpd reports:

Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig
enabled (CVE-2017-15710)
mod_session: CGI-like applications that intend to read from
mod_session’s ‘SessionEnv ON’ could be fooled into reading
user-supplied data instead. (CVE-2018-1283)
mod_cache_socache: Fix request headers parsing to avoid a possible
crash with specially crafted input data. (CVE-2018-1303)
core: Possible crash with excessively long HTTP request headers.
Impractical to exploit with a production build and production
LogLevel. (CVE-2018-1301)
core: Configure the regular expression engine to match ‘$’ to the
end of the input string only, excluding matching the end of any
embedded newline characters. Behavior can be changed with new
directive ‘RegexDefaultOptions’. (CVE-2017-15715)
mod_auth_digest: Fix generation of nonce values to prevent replay
attacks across servers using a common Digest domain. This change
may cause problems if used with round robin load balancers.
(CVE-2018-1312)
mod_http2: Potential crash w/ mod_http2. (CVE-2018-1302)

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchapache24< 2.4.30UNKNOWN
FreeBSDanynoarchapache22< 2.2.34_5UNKNOWN

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.962 High

EPSS

Percentile

99.5%