
11652 matches found

OpenVAS | added 2019/04/08 12:0 a.m. | 82 views

Apache HTTP Server < 2.4.39 mod_ssl Access Control Bypass Vulnerability - Windows

In Apache HTTP Server a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions.

CVSS 7.5 | AI score 7.6 | EPSS 0.10508
Exploits: 0 | References: 1

OpenVAS | added 2019/04/08 12:0 a.m. | 104 views

Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerability - Linux

In Apache HTTP Server, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

CVSS 7.5 | AI score 6.8 | EPSS 0.17666
Exploits: 0 | References: 1

OpenVAS | added 2019/04/08 12:0 a.m. | 37 views

Apache HTTP Server < 2.4.39 mod_http2 Use-After-Free Vulnerability - Windows

Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.

CVSS 5.3 | AI score 6.5 | EPSS 0.193
Exploits: 0 | References: 1

OpenVAS | added 2019/04/08 12:0 a.m. | 78 views

Apache HTTP Server < 2.4.39 mod_http2 DoS Vulnerability - Linux

When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for...

CVSS 4.9 | AI score 6 | EPSS 0.08441
Exploits: 0 | References: 1

OpenVAS | added 2019/04/08 12:0 a.m. | 3036 views

Apache HTTP Server < 2.4.39 Privilege Escalation Vulnerability - Linux

In Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the...

CVSS 7.8 | AI score 7.6 | EPSS 0.65005
Exploits: 8 | References: 3

OpenVAS | added 2019/04/08 12:0 a.m. | 119 views

Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerability - Windows

In Apache HTTP Server, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

CVSS 7.5 | AI score 6.8 | EPSS 0.17666
Exploits: 0 | References: 1

Fedora | added 2019/04/06 7:44 p.m. | 72 views

[SECURITY] Fedora 29 Update: httpd-2.4.39-2.fc29

The Apache HTTP Server is a powerful, efficient, and extensible web server...

CVSS 7.8 | AI score 1.1 | EPSS 0.65005
Exploits: 8

OpenVAS | added 2019/04/06 12:0 a.m. | 122 views

Debian: Security Advisory (DSA-4422-1)

The remote host is missing an update for the Debian...

CVSS 7.8 | AI score 7.6 | EPSS 0.65005
Exploits: 8 | References: 6

Fedora | added 2019/04/05 12:3 a.m. | 56 views

[SECURITY] Fedora 30 Update: httpd-2.4.39-2.fc30

The Apache HTTP Server is a powerful, efficient, and extensible web server...

CVSS 7.8 | AI score 1.1 | EPSS 0.65005
Exploits: 8

Tenable Nessus | added 2019/04/05 12:0 a.m. | 45 views

Cisco IOS XE Software TCP Denial of Service Vulnerability

According to its self-reported version, Cisco IOS XE Software is affected by the following vulnerability: A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state...

CVSS 7.1 | AI score 6.8 | EPSS 0.02004
Exploits: 0 | References: 3

Amazon | added 2019/04/05 12:0 a.m. | 211 views

Important: httpd24

Issue Overview: In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulati...

CVSS 7.8 | AI score 7.7 | EPSS 0.65005
Exploits: 8

Tenable Nessus | added 2019/04/05 12:0 a.m. | 106 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Apache HTTP Server vulnerabilities (USN-3937-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3937-1 advisory. Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able ...

CVSS 7.8 | AI score 7.5 | EPSS 0.65005
Exploits: 8 | References: 7

Ubuntu | added 2019/04/04 3:8 p.m. | 333 views

USN-3937-1: Apache HTTP Server vulnerabilities

Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. (CVE-2019-0211) It was discovered that the Apache HTTP Server HTTP...

CVSS 7.8 | AI score 7.6 | EPSS 0.65005
Exploits: 8

CISA | added 2019/04/04 12:0 a.m. | 11 views

Apache Releases Security Update for Apache HTTP Server

The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...

AI score 7.2
Exploits: 0 | References: 1

Amazon | added 2019/04/04 12:0 a.m. | 120 views

Important: httpd

Issue Overview: In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulati...

CVSS 7.8 | AI score 7.8 | EPSS 0.65005
Exploits: 8

Tenable Nessus | added 2019/04/04 12:0 a.m. | 64 views

Debian DSA-4422-1 : apache2 - security update

Several vulnerabilities have been found in the Apache HTTP server. - CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming...

CVSS 7.8 | AI score 6.9 | EPSS 0.65005
Exploits: 8 | References: 17

Tenable Nessus | added 2019/04/04 12:0 a.m. | 56 views

Debian DLA-1748-1 : apache2 security update

Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was...

CVSS 7.5 | AI score 7.1 | EPSS 0.1786
Exploits: 0 | References: 4

Tenable Nessus | added 2019/04/04 12:0 a.m. | 47 views

EulerOS Virtualization 2.5.3 : httpd (EulerOS-SA-2019-1271)

According to the version of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This cause...

CVSS 7.5 | AI score 6.4 | EPSS 0.19994
Exploits: 0 | References: 2

Debian | added 2019/04/03 9:10 a.m. | 58 views

[SECURITY] [DSA 4422-1] apache2 security update

Debian Security Advisory DSA-4422-1 [email protected] https://www.debian.org/security/ Stefan Fritsch April 03, 2019 https://www.debian.org/security/faq -...

CVSS 7.2 | AI score 0.3 | EPSS 0.65005
Exploits: 8

Debian | added 2019/04/03 9:10 a.m. | 245 views

[SECURITY] [DSA 4422-1] apache2 security update

Debian Security Advisory DSA-4422-1 [email protected] https://www.debian.org/security/ Stefan Fritsch April 03, 2019 https://www.debian.org/security/faq -...

CVSS 7.8 | AI score 8.5 | EPSS 0.65005
Exploits: 8