
11652 matches found

AlpineLinux
added 2019/01/30 10:0 p.m. · 52 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

CVSS 7.5 · AI score 6.7 · EPSS 0.19994
Exploits: 0

AlpineLinux
added 2019/01/30 10:0 p.m. · 52 views

CVE-2019-0190

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

CVSS 7.5 · AI score 7.3 · EPSS 0.59942
Exploits: 0

Debian CVE
added 2019/01/30 10:0 p.m. · 37 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...

CVSS 5.3 · AI score 6.2 · EPSS 0.19404
Exploits: 0

Cvelist
added 2019/01/30 10:0 p.m. · 42 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...

AI score 6.2 · EPSS 0.19404
Exploits: 0 · References: 30

UbuntuCve
added 2019/01/30 12:0 a.m. · 54 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

CVSS 7.5 · AI score 6.7 · EPSS 0.19994
Exploits: 0 · References: 3

OSV
added 2019/01/30 12:0 a.m. · 4 views

UBUNTU-CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...

CVSS 5.3 · AI score 6.8 · EPSS 0.19404
Exploits: 0 · References: 4

UbuntuCve
added 2019/01/30 12:0 a.m. · 38 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...

CVSS 5.3 · AI score 6.8 · EPSS 0.19404
Exploits: 0 · References: 3

OSV
added 2019/01/30 12:0 a.m. · 2 views

UBUNTU-CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

CVSS 7.5 · AI score 6.7 · EPSS 0.19994
Exploits: 0 · References: 4

Apache Httpd
added 2019/01/29 12:0 a.m. · 123 views

Apache Httpd < 2.4.39 : mod_auth_digest access control bypass

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5 · AI score 2 · EPSS 0.17666
Exploits: 0 · Affected Software: 1

Tenable Nessus
added 2019/01/28 12:0 a.m. · 709 views

Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2019 CPU)

The version of Oracle HTTP Server installed on the remote host is affected by vulnerabilities as noted in the January 2019 CPU advisory: - This vulnerability is in the Oracle HTTP server component of Oracle Fusion Middleware subcomponent: Web Listener. The affected version is 12.1.2.3. This is an...

CVSS 7.8 · AI score 7.7 · EPSS 0.00452
Exploits: 0 · References: 2

Tenable Nessus
added 2019/01/25 12:0 a.m. · 53 views

Amazon Linux 2 : httpd (ALAS-2019-1155)

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2...

CVSS 5.9 · AI score 6.5 · EPSS 0.51002
Exploits: 0 · References: 2

myhack58
added 2019/01/24 12:0 a.m. · 56 views

CVE-2019-3462: apt/apt-get remote code execution vulnerability alert

0x00 Vulnerability background: On January 22, 2019, @Max Justicz disclosed on his blog, in some detail, a remote code execution vulnerability in apt/apt-get, the package manager of Debian-based systems. When APT installs or updates software, it uses HTTP rather than HTTPS by default, so an attacker can MiT...

EPSS 0.14555
Exploits: 0

CNVD
added 2019/01/24 12:0 a.m. · 11 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2019-04946)

Apache HTTP Server is an open source web server from the Apache Software Foundation in the United States. The server is fast, reliable and can be extended through a simple API. A denial of service vulnerability exists in the handling of client-side renegotiation by mod_ssl in httpd in Apache HTTP Serve...

CVSS 7.5 · AI score 8.7 · EPSS 0.59942
Exploits: 0 · References: 1

NCSC
added 2019/01/24 12:0 a.m. · 5 views

Vulnerabilities fixed in Apache HTTP Server

Several vulnerabilities have been fixed in Apache HTTP Server. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to reuse an expired session cookie. Apache Software Foundation has made updates available for Apache HTTP Server to...

CVSS 7.5 · AI score 7.8 · EPSS 0.59942
Exploits: 0

Positive Technologies
added 2019/01/23 12:0 a.m. · 7 views

PT-2019-3931 · Apache +3 · Apache Http Server +3

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.37 through 2.4.38. Description: The issue is related to a flaw in the mod_ssl component of the Apache HTTP Server, specifically concerning inadequate access control. This flaw can be exploited by a remote attack...

CVSS 9 · AI score 6.7 · EPSS 0.65005
Exploits: 9 · References: 83

Amazon
added 2019/01/23 12:0 a.m. · 61 views

Medium: httpd

Issue Overview: In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2...

CVSS 5.9 · AI score 6.5 · EPSS 0.51002
Exploits: 0

RedhatCVE
added 2019/01/22 9:50 p.m. · 64 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...

CVSS 5.3 · AI score 2 · EPSS 0.19404
Exploits: 0 · References: 3

RedhatCVE
added 2019/01/22 9:50 p.m. · 55 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

CVSS 7.5 · AI score 0.7 · EPSS 0.19994
Exploits: 0 · References: 2

Qualys Blog
added 2019/01/22 8:6 p.m. · 313 views

Qualys Cloud Platform (VM, PC) 8.16 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.16, contains several improvements in Qualys Vulnerability Management and Qualys Policy Compliance, including a new password security option, an increased limit for virtual hosts that can be added to a subscription, added support...

AI score 7.6
Exploits: 0

IBM Security Bulletins
added 2019/01/22 4:30 p.m. · 42 views

Security Bulletin: Security Vulnerability in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Configuration Manager (CVE-2015-3183)

Summary: There are vulnerabilities reported in IBM WebSphere 7.0.0.37. IBM Tivoli Netcool Configuration Manager is affected by the following. Request smuggling vulnerability may affect the IBM HTTP Server used by IBM WebSphere Application Server. Vulnerability Details: CVEID: CVE-2015-3183...

CVSS 5 · AI score 0.1 · EPSS 0.73327
Exploits: 0 · Affected Software: 1