4434 matches found

Apache Httpd
added 2019/01/29 12:0 a.m., 72 views

Apache Httpd < 2.4.39 : mod_http2, read-after-free on a string compare

Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

5.3 CVSS, 1.1 AI score, 0.193 EPSS
Exploits: 0, Affected Software: 1
Apache Httpd
added 2019/01/29 12:0 a.m., 57 views

Apache Httpd < 2.4.39 : mod_http2, possible crash on late upgrade

When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for...

4.9 CVSS, 0.7 AI score, 0.08441 EPSS
Exploits: 0, Affected Software: 1
ALT Linux
added 2019/01/28 12:0 a.m., 40 views

Security fix for the ALT Linux 8 package apache2 version 1:2.4.38-alt1

1:2.4.38-alt1 built Jan. 28, 2019 Anton Farygin in task 219984 Jan. 25, 2019 Anton Farygin - 2.4.38 - fixes: important: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. CVE-2019-0190 low: mod_session_cookie does not respect expiry time. CVE-2018-17199 low: DoS for HTTP/2 connections via slow...

5 CVSS, 6.9 AI score, 0.59942 EPSS
Exploits: 0
ALT Linux
added 2019/01/25 12:0 a.m., 45 views

Security fix for the ALT Linux 10 package apache2 version 1:2.4.38-alt1

Jan. 25, 2019 Anton Farygin 1:2.4.38-alt1 - 2.4.38 - fixes: important: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. CVE-2019-0190 low: mod_session_cookie does not respect expiry time. CVE-2018-17199 low: DoS for HTTP/2 connections via slow request bodies. CVE-2018-17189...

5 CVSS, 7.1 AI score, 0.59942 EPSS
Exploits: 0
ALT Linux
added 2019/01/25 12:0 a.m., 43 views

Security fix for the ALT Linux 9 package apache2 version 1:2.4.38-alt1

Jan. 25, 2019 Anton Farygin 1:2.4.38-alt1 - 2.4.38 - fixes: important: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. CVE-2019-0190 low: mod_session_cookie does not respect expiry time. CVE-2018-17199 low: DoS for HTTP/2 connections via slow request bodies. CVE-2018-17189...

5 CVSS, 7.1 AI score, 0.59942 EPSS
Exploits: 0
Tenable Nessus
added 2019/01/24 12:0 a.m., 2647 views

Apache 2.4.x < 2.4.38 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.38. It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability exists in HTTP/2 stream handling. An unauthenticated, remote attacker can exploit this issue, via...

7.5 CVSS, 6.5 AI score, 0.59942 EPSS
Exploits: 0, References: 5
Amazon
added 2019/01/23 12:0 a.m., 61 views

Medium: httpd

Issue Overview: In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2...

5.9 CVSS, 6.5 AI score, 0.51002 EPSS
Exploits: 0
RedhatCVE
added 2019/01/22 9:50 p.m., 64 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections...

5.3 CVSS, 2 AI score, 0.19404 EPSS
Exploits: 0, References: 3
Veracode
added 2019/01/15 9:26 a.m., 39 views

Denial Of Service (DoS)

nginx is vulnerable to denial of service. The implementation of HTTP/2, when compiled with ngx_http_v2_module and if the http2 option of the listen directive is used in a configuration file, contains a vulnerability which would allow an attacker to crash the service from excessive memory consumption...

7.5 CVSS, 7.1 AI score, 0.47057 EPSS
Exploits: 0, References: 13, Affected Software: 1
Veracode
added 2019/01/15 9:26 a.m., 28 views

Denial Of Service (DoS)

haproxy is vulnerable to denial of service. An out-of-bounds read in the hpack_valid_idx function in HPACK decoder used for HTTP/2 allows a remote attacker to crash the service...

7.5 CVSS, 7.2 AI score, 0.03009 EPSS
Exploits: 0, References: 6, Affected Software: 16
RedhatCVE
added 2019/01/09 3:19 a.m., 37 views

CVE-2018-20615

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on too short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

7.5 CVSS, 0.9 AI score, 0.04459 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2019/01/09 12:0 a.m., 137 views

Apache 2.4.x < 2.4.26 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.26. It is, therefore, affected by the following vulnerabilities : - An authentication bypass vulnerability exists due to third-party modules using the ap_get_basic_auth_pw function outside of the...

9.8 CVSS, 9.6 AI score, 0.57472 EPSS
Exploits: 4, References: 7
Tenable Nessus
added 2019/01/02 12:0 a.m., 56 views

SUSE SLES15 Security Update : apache2 (SUSE-SU-2018:3101-1)

This update for apache2 fixes the following issues : Security issues fixed : CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2...

5.9 CVSS, 6.5 AI score, 0.51002 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2019/01/02 12:0 a.m., 44 views

SUSE SLES15 Security Update : apache2 (SUSE-SU-2018:2424-1)

This update for apache2 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). - CVE-2018-8011: Fixed a NULL pointer dereference in...

7.5 CVSS, 6.7 AI score, 0.51714 EPSS
Exploits: 0, References: 7
UbuntuCve
added 2018/12/31 12:0 a.m., 26 views

CVE-2018-20615

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-check...

7.5 CVSS, 6.8 AI score, 0.04459 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2018/12/17 12:0 a.m., 71 views

Amazon Linux AMI : nginx (ALAS-2018-1125)

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...

7.8 CVSS, 6.6 AI score, 0.47057 EPSS
Exploits: 0, References: 3
Amazon
added 2018/12/13 12:0 a.m., 135 views

Medium: nginx

Issue Overview: nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used i...

7.8 CVSS, 7 AI score, 0.47057 EPSS
Exploits: 0
Tenable Nessus
added 2018/12/10 12:0 a.m., 41 views

EulerOS 2.0 SP3 : nginx (EulerOS-SA-2018-1399)

According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This...

8.2 CVSS, 6.6 AI score, 0.47057 EPSS
Exploits: 1, References: 4
OSV
added 2018/12/05 9:31 a.m., 12 views

SUSE-SU-2018:3582-2 Security update for apache2

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2...

5.9 CVSS, 6 AI score, 0.51002 EPSS
Exploits: 0, References: 3
Wallarm Lab
added 2018/11/29 4:6 a.m., 61 views

Happy graduation, Envoy!

Envoy, the new darling of the DevOps community, performs the role of a service and edge proxy. With advanced features such as timeouts, rate limiting, circuit breaking, load balancing, retries, stats, logging, and distributed tracing are required to handle network failures in a fault tolerant and...

7 AI score
Exploits: 0