5762 matches found
CVE-2019-0215
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...
CVE-2019-0217
This CVE affects Apache HTTP Server 2.4.x up to 2.4.38, where a race condition in mod_auth_digest could allow an authenticated user to act as another user and bypass access control. The issue is tied to running in threaded MPMs; the underlying cause is a race condition in authentication handling....
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
CVE-2019-0215
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...
CVE-2019-0215
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...
CVE-2019-0215
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...
CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...
Apache HTTP Server < 2.4.39 Multiple Vulnerabilities
Binary data 700509.prm...
Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerability - Linux
In Apache HTTP Server, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be...
Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerability - Windows
In Apache HTTP Server, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be...
Apache HTTP Server < 2.4.39 URL Normalization Vulnerability - Windows
When the path component of a request URL contains multiple consecutive slashes SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache HTTP Server < 2.4.39 mod_http2 DoS Vulnerability - Linux
When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for...
Apache HTTP Server < 2.4.39 mod_ssl Access Control Bypass Vulnerability - Linux
In Apache HTTP Server a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpte...
Apache HTTP Server < 2.4.39 URL Normalization Vulnerability - Linux
When the path component of a request URL contains multiple consecutive slashes SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache HTTP Server < 2.4.39 mod_http2 Use-After-Free Vulnerability - Windows
Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a reference...
Apache HTTP Server < 2.4.39 Privilege Escalation Vulnerability - Linux
In Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually root by manipulating the...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0888-1)
This update for apache2 fixes the following issues : CVE-2018-17199: A bug in Apache's 'modsessioncookie' lead to an issue where the module did not respect a cookie's expiry time. bsc1122839 CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout a...
[SECURITY] Fedora 29 Update: httpd-2.4.39-2.fc29
The Apache HTTP Server is a powerful, efficient, and extensible web server...
[SECURITY] Fedora 30 Update: httpd-2.4.39-2.fc30
The Apache HTTP Server is a powerful, efficient, and extensible web server...