11652 matches found
CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...
CVE-2019-0190
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...
CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...
CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...
UBUNTU-CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...
CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...
UBUNTU-CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...
Apache Httpd < 2.4.39 : mod_auth_digest access control bypass
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2019 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by vulnerabilities as noted in the January 2019 CPU advisory: - This vulnerability is in the Oracle HTTP server component of Oracle Fusion Middleware subcomponent: Web Listener. The affected version is 12.1.2.3. This is an...
Amazon Linux 2 : httpd (ALAS-2019-1155)
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2...
CVE-2019-3462: apt/apt-get remote code execution vulnerability alerts-a vulnerability alert-the black bar safety net
0x00 Vulnerability background: On 2019 1 May 22, @Max Justicz disclosed on his blog, in some detail, a remote code execution vulnerability in apt/apt-get, the Debian-based package manager. When APT performs any software installation, update, etc., it uses HTTP instead of HTTPS by default, so an attacker can MiT...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2019-04946)
Apache HTTP Server is an open source web server from the Apache Software Foundation in the United States. The server is fast, reliable and can be extended through a simple API. A denial of service vulnerability exists in the handling of client-side renegotiation by mod_ssl in httpd in Apache HTTP Serve...
Vulnerabilities fixed in Apache HTTP Server
Several vulnerabilities have been fixed in Apache HTTP Server. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to reuse an expired session cookie. Apache Software Foundation has made updates available for Apache HTTP Server to...
PT-2019-3931 · Apache +3 · Apache Http Server +3
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.37 through 2.4.38. Description: The issue is related to a flaw in the mod_ssl component of the Apache HTTP Server, specifically concerning inadequate access control. This flaw can be exploited by a remote attack...
Medium: httpd
Issue Overview: In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2...
CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...
CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...
Qualys Cloud Platform (VM, PC) 8.16 New Features
This new release of the Qualys Cloud Platform VM, PC, version 8.16, contains several new improvements in Qualys Vulnerability Management and Qualys Policy Compliance, including a new password security option, an increased limit for virtual hosts that can be added to a subscription, added support...
Security Bulletin: Security Vulnerability in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Configuration Manager (CVE-2015-3183)
Summary: There are vulnerabilities reported in IBM WebSphere 7.0.0.37. IBM Tivoli Netcool Configuration Manager is affected by the following. Request smuggling vulnerability may affect the IBM HTTP Server used by IBM WebSphere Application Server. Vulnerability Details: CVEID: CVE-2015-3183...