5762 matches found
mod_jk: connector path traversal due to mishandled HTTP requests in httpd
The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...
httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache. The vulnerability is considere...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update
Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...
Apache HTTP Server < 2.4.38 HTTP/2 DoS Vulnerability - Windows
By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. SPDX-FileCopyrightText: 2019...
Apache HTTP Server < 2.4.38 HTTP/2 DoS Vulnerability - Linux
By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. SPDX-FileCopyrightText: 2019...
Apache HTTP Server 2.4.37 mod_ssl DoS Vulnerability - Linux
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
Apache HTTP Server < 2.4.38 mod_session_cookie Vulnerability - Linux
In Apache HTTP Server modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions...
Oracle Secure Global Desktop Multiple Vulnerabilities (January 2019 CPU)
The version of Oracle Secure Global Desktop installed on the remote host is 5.4 and is missing a security patch from the January 2019 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities: - A denial of service DoS vulnerability exists in Apache HTTP Server 2.4.17 to...
Security Bulletin: Vulnerabilities in Apache affect the IBM Flex System Manager (FSM): (CVE-2013-6438, CVE-2014-0098, CVE-2014-0226, CVE-2014-0231)
Summary Vulnerabilities in Apache affect the IBM Flex System Manager FSM: CVE-2013-6438, CVE-2014-0098, CVE-2014-0226, CVE-2014-0231 Vulnerability Details Abstract Vulnerabilities in Apache affect the IBM Flex System Manager FSM: CVE-2013-6438, CVE-2014-0098, CVE-2014-0226, CVE-2014-0231 Content...
Apache HTTP Server Authorization Issues Vulnerability
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server is vulnerable to an authorization issue. The vulnerability stems from modsession detecting the expiration time ...
CVE-2019-0190
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
Design/Logic Flaw
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
CVE-2019-0190
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
DEBIAN-CVE-2019-0190
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
ALPINE-CVE-2019-0190
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
CVE-2019-0190
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
Session fixation
In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...
CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...
CVE-2019-0190
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
CVE-2019-0190
Apache HTTP Server mod_ssl denial of service (CVE-2019-0190) occurs when renegotiations are mishandled with OpenSSL 1.1.1+, causing a loop and potential DoS. According to ALAS-2019-1166 and related advisories, the fix is to upgrade to Apache httpd 2.4.38 (mod_ssl 2.4.38) or newer; affected compon...