1248 matches found
openSUSE Security Update : apache2 (openSUSE-2018-438)
This update for apache2 fixes the following issues : - CVE-2018-1283: when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a 'Session' header leading to unexpected behavior bsc1086814. -...
Medium: httpd24
Issue Overview: Use-after-free on HTTP/2 stream shutdown When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this...
Security fix for the ALT Linux 9 package apache2 version 1:2.4.33-alt1
March 31, 2018 Anton Farygin 1:2.4.33-alt1 - 2.4.33 - fixes: CVE-2018-1303 low: Possible out of bound read in modcachesocache CVE-2018-1302 low: Possible write of after free on HTTP/2 stream shutdown CVE-2018-1301 low: Possible out of bound access after failure in reading the HTTP request...
BSA-2018-557
Security Advisory ID : BSA-2018-557 Component : Apache HTTPD Revision : 2.0: Final In Apache httpd, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not...
Design/Logic Flaw
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
DEBIAN-CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
ALPINE-CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
UBUNTU-CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
CVE-2018-7582
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service daemon crash via a long HTTP Accept Header to TCP port 9991...
CVE-2018-7582
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service daemon crash via a long HTTP Accept Header to TCP port 9991...
CVE-2018-7582
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service daemon crash via a long HTTP Accept Header to TCP port 9991...
WebLog Expert Web Server Enterprise 9.4 Denial Of Service Exploit
Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx Vendor: ======= www.weblogexpert.com Product: ========= WebLog Expert Web Server Enterprise v9.4 WebLog Expert is a fast and powerful access log analyzer. It will give you information about your site's visitors:...
FreeBSD : asterisk -- multiple vulnerabilities (933654ce-17b8-11e8-90b8-001999f8d30b)
The Asterisk project reports : AST-2018-004 - When processing a SUBSCRIBE request the respjsippubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Acce...
CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...