4 matches found
Updated apache packages fix security vulnerability
modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC CVE-2016-0736...
The vulnerability of the mod_ssl module in the Apache HTTP Server allows a hacker to gain access to local files.
The vulnerability of the modssl module in the Apache HTTP Server is related to NULL pointer dereferencing errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to local files by calling the external module function aphookprocessconnection during an HTTPS...
CVE-2017-3169
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...
UBUNTU-CVE-2017-3169
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...