Apache HTTP Server < 2.4.39 mod_ssl Access Control Bypass Vulnerability - Windows
In Apache HTTP Server a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpte...
Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerability - Linux
In Apache HTTP Server, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be...
Apache HTTP Server < 2.4.39 mod_http2 Use-After-Free Vulnerability - Windows
Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a reference...
Apache HTTP Server < 2.4.39 mod_http2 DoS Vulnerability - Linux
When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for...
Apache HTTP Server < 2.4.39 Privilege Escalation Vulnerability - Linux
In Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the...
Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerability - Windows
In Apache HTTP Server, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be...
[SECURITY] Fedora 29 Update: httpd-2.4.39-2.fc29
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Debian: Security Advisory (DSA-4422-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 30 Update: httpd-2.4.39-2.fc30
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Cisco IOS XE Software TCP Denial of Service Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by following vulnerability - A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state...
Important: httpd24
Issue Overview: In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulati...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Apache HTTP Server vulnerabilities (USN-3937-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3937-1 advisory. Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able ...
USN-3937-1: Apache HTTP Server vulnerabilities
Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. CVE-2019-0211 It was discovered that the Apache HTTP Server HTTP...
Apache Releases Security Update for Apache HTTP Server
The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
Important: httpd
Issue Overview: In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulati...
Debian DSA-4422-1 : apache2 - security update
Several vulnerabilities have been found in the Apache HTTP server. - CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming...
Debian DLA-1748-1 : apache2 security update
Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was...
EulerOS Virtualization 2.5.3 : httpd (EulerOS-SA-2019-1271)
According to the version of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This cause...
[SECURITY] [DSA 4422-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4422-1 [email protected] https://www.debian.org/security/ Stefan Fritsch April 03, 2019 https://www.debian.org/security/faq -...