11652 matches found

NVD
added 2019/04/08 9:29 p.m., 31 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5, AI score 7.5, EPSS 0.17666
Exploits: 0, References: 39
Prion
added 2019/04/08 9:29 p.m., 37 views

Race condition

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 6, AI score 7.3, EPSS 0.17666
Exploits: 0, References: 39, Affected Software: 10
OSV
added 2019/04/08 9:29 p.m., 30 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5, AI score 7.4
Exploits: 0, References: 39
OSV
added 2019/04/08 8:29 p.m., 31 views

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...

CVSS 7.5, AI score 6.5
Exploits: 0, References: 29
Prion
added 2019/04/08 8:29 p.m., 34 views

Improper access control

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...

CVSS 6, AI score 7.3, EPSS 0.10508
Exploits: 0, References: 29, Affected Software: 2
CVE
added 2019/04/08 8:11 p.m., 3441 views

CVE-2019-0217

This CVE affects Apache HTTP Server 2.4.x up to 2.4.38, where a race condition in mod_auth_digest could allow an authenticated user to act as another user and bypass access control. The issue is tied to running in threaded MPMs; the underlying cause is a race condition in authentication handling....

CVSS 7.5, AI score 7.5, EPSS 0.17666
Exploits: 0, References: 39, Affected Software: 1
Debian CVE
added 2019/04/08 8:11 p.m., 50 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5, AI score 7, EPSS 0.17666
Exploits: 0
AlpineLinux
added 2019/04/08 8:11 p.m., 58 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5, AI score 7.8, EPSS 0.17666
Exploits: 0
Cvelist
added 2019/04/08 8:11 p.m., 69 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

AI score 7.7, EPSS 0.17666
Exploits: 0, References: 39
Debian CVE
added 2019/04/08 7:25 p.m., 48 views

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...

CVSS 7.5, AI score 8, EPSS 0.10508
Exploits: 0
CVE
added 2019/04/08 7:25 p.m., 1361 views

CVE-2019-0215

CVE-2019-0215 affects Apache HTTP Server 2.4.37–2.4.38. A bug in mod_ssl for per-location client certificate verification with TLSv1.3 allowed bypass of configured access controls. Impact is access restriction bypass; no explicit exploitation details provided here. Remediation: upgrade to 2.4.39 ...

CVSS 7.5, AI score 6, EPSS 0.10508
Exploits: 0, References: 29, Affected Software: 1
AlpineLinux
added 2019/04/08 7:25 p.m., 57 views

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...

CVSS 7.5, AI score 6.4, EPSS 0.10508
Exploits: 0
Cvelist
added 2019/04/08 7:25 p.m., 43 views

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...

AI score 6.1, EPSS 0.10508
Exploits: 0, References: 29
ATTACKERKB
added 2019/04/08 12:0 a.m., 171 views

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...

CVSS 7.8, AI score 8.1, EPSS 0.65005
In wild, Exploits: 8, References: 66
Tenable Nessus
added 2019/04/08 12:0 a.m., 66 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0888-1)

This update for apache2 fixes the following issues: CVE-2018-17199: A bug in Apache's 'mod_session_cookie' led to an issue where the module did not respect a cookie's expiry time. bsc1122839 CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout a...

CVSS 7.5, AI score 7, EPSS 0.19994
Exploits: 0, References: 10
Tenable Nessus
added 2019/04/08 12:0 a.m., 73 views

Apache HTTP Server < 2.4.39 Multiple Vulnerabilities

CVSS 7.8, AI score 6.9, EPSS 0.65005
Exploits: 8, References: 7
OpenVAS
added 2019/04/08 12:0 a.m., 119 views

Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerability - Windows

In Apache HTTP Server, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

CVSS 7.5, AI score 6.8, EPSS 0.17666
Exploits: 0, References: 1
OpenVAS
added 2019/04/08 12:0 a.m., 78 views

Apache HTTP Server < 2.4.39 mod_http2 DoS Vulnerability - Linux

When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for...

CVSS 4.9, AI score 6, EPSS 0.08441
Exploits: 0, References: 1
OpenVAS
added 2019/04/08 12:0 a.m., 172 views

Apache HTTP Server < 2.4.39 URL Normalization Vulnerability - Linux

When the path component of a request URL contains multiple consecutive slashes...

CVSS 5.3, AI score 6.9, EPSS 0.1786
Exploits: 0, References: 1
OpenVAS
added 2019/04/08 12:0 a.m., 37 views

Apache HTTP Server < 2.4.39 mod_http2 Use-After-Free Vulnerability - Windows

Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.

CVSS 5.3, AI score 6.5, EPSS 0.193
Exploits: 0, References: 1