Lucene search
K

11652 matches found

CNVD
CNVD
added 2019/01/31 12:0 a.m.38 views

Apache HTTP Server Authorization Issues Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server is vulnerable to an authorization issue. The vulnerability stems from modsession detecting the expiration time ...

7.5CVSS8.6AI score0.19994EPSS
Exploits0References1
Prion
Prion
added 2019/01/30 10:29 p.m.37 views

Design/Logic Flaw

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

5CVSS7.1AI score0.59942EPSS
Exploits0References20Affected Software5
NVD
NVD
added 2019/01/30 10:29 p.m.28 views

CVE-2019-0190

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

7.5CVSS7.3AI score0.59942EPSS
Exploits0References20
UbuntuCve
UbuntuCve
added 2019/01/30 10:29 p.m.44 views

CVE-2019-0190

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

7.5CVSS6.8AI score0.59942EPSS
Exploits0References2
NVD
NVD
added 2019/01/30 10:29 p.m.29 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...

7.5CVSS7.5AI score0.19994EPSS
Exploits0References28
OSV
OSV
added 2019/01/30 10:29 p.m.41 views

CVE-2019-0190

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

7.5CVSS6.5AI score
Exploits0References20
Prion
Prion
added 2019/01/30 10:29 p.m.35 views

Session fixation

In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...

5CVSS7.4AI score0.19994EPSS
Exploits0References28Affected Software4
OSV
OSV
added 2019/01/30 10:29 p.m.33 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...

5.3CVSS6.6AI score
Exploits0References30
OSV
OSV
added 2019/01/30 10:29 p.m.43 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...

7.5CVSS7.5AI score
Exploits0References28
OSV
OSV
added 2019/01/30 10:29 p.m.3 views

DEBIAN-CVE-2019-0190

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

7.5CVSS7.5AI score0.59942EPSS
Exploits0References1
OSV
OSV
added 2019/01/30 10:29 p.m.2 views

ALPINE-CVE-2019-0190

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

7.5CVSS6.8AI score0.59942EPSS
Exploits0References1
NVD
NVD
added 2019/01/30 10:29 p.m.21 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...

5.3CVSS6.1AI score0.19404EPSS
Exploits0References30
Prion
Prion
added 2019/01/30 10:29 p.m.25 views

Design/Logic Flaw

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...

5CVSS6AI score0.19404EPSS
Exploits0References30Affected Software10
CVE
CVE
added 2019/01/30 10:0 p.m.3429 views

CVE-2018-17199

In Apache HTTP Server 2.4.x up to 2.4.37, the vulnerability CVE-2018-17199 is caused by mod_session_cookie: the session expiry time is checked before decoding the session, so expiry is ignored for mod_session_cookie sessions. This means session expiry may not be enforced for affected sessions. Th...

7.5CVSS6.4AI score0.19994EPSS
Exploits0References28Affected Software1
CVE
CVE
added 2019/01/30 10:0 p.m.498 views

CVE-2019-0190

Apache HTTP Server mod_ssl denial of service (CVE-2019-0190) occurs when renegotiations are mishandled with OpenSSL 1.1.1+, causing a loop and potential DoS. According to ALAS-2019-1166 and related advisories, the fix is to upgrade to Apache httpd 2.4.38 (mod_ssl 2.4.38) or newer; affected compon...

7.5CVSS7.1AI score0.59942EPSS
Exploits0References20Affected Software1
Cvelist
Cvelist
added 2019/01/30 10:0 p.m.42 views

CVE-2019-0190

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

7.2AI score0.59942EPSS
Exploits0References20
Cvelist
Cvelist
added 2019/01/30 10:0 p.m.75 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...

6.5AI score0.19994EPSS
Exploits0References28
Debian CVE
Debian CVE
added 2019/01/30 10:0 p.m.49 views

CVE-2019-0190

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

7.5CVSS7AI score0.59942EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/01/30 10:0 p.m.52 views

CVE-2019-0190

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

7.5CVSS7.3AI score0.59942EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/01/30 10:0 p.m.52 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...

7.5CVSS6.7AI score0.19994EPSS
Exploits0
Rows per page
Query Builder