5762 matches found

AlpineLinux
added 2019/01/30 10:0 p.m., 43 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...

CVSS 5.3, AI score 6.4, EPSS 0.19404
Exploits: 0

Cvelist
added 2019/01/30 10:0 p.m., 38 views

CVE-2019-0190

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

AI score 7.2, EPSS 0.59942
Exploits: 0, References: 20

CVE
added 2019/01/30 10:0 p.m., 498 views

CVE-2019-0190

Apache HTTP Server mod_ssl denial of service (CVE-2019-0190) occurs when renegotiations are mishandled with OpenSSL 1.1.1+, causing a loop and potential DoS. According to ALAS-2019-1166 and related advisories, the fix is to upgrade to Apache httpd 2.4.38 (mod_ssl 2.4.38) or newer; affected compon...

CVSS 7.5, AI score 7.1, EPSS 0.59942
Exploits: 0, References: 20, Affected Software: 1

CVE
added 2019/01/30 10:0 p.m., 1154 views

CVE-2018-17189

CVE-2018-17189 : In Apache HTTP Server 2.4.37 and earlier, mod_http2 can cause a DoS by handling slowloris-style request bodies, unnecessarily occupying a server thread for the h2 stream on HTTP/2 connections. Affected product: Apache HTTP Server with mod_http2. Impact: denial of service via thre...

CVSS 5.3, AI score 6.1, EPSS 0.19404
Exploits: 0, References: 30, Affected Software: 1

Debian CVE
added 2019/01/30 10:0 p.m., 49 views

CVE-2019-0190

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

CVSS 7.5, AI score 7, EPSS 0.59942
Exploits: 0

Debian CVE
added 2019/01/30 10:0 p.m., 37 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...

CVSS 5.3, AI score 6.2, EPSS 0.19404
Exploits: 0

CVE
added 2019/01/30 10:0 p.m., 3428 views

CVE-2018-17199

In Apache HTTP Server 2.4.x up to 2.4.37, the vulnerability CVE-2018-17199 is caused by mod_session_cookie: the session expiry time is checked before decoding the session, so expiry is ignored for mod_session_cookie sessions. This means session expiry may not be enforced for affected sessions. Th...

CVSS 7.5, AI score 6.4, EPSS 0.19994
Exploits: 0, References: 28, Affected Software: 1

Cvelist
added 2019/01/30 10:0 p.m., 69 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

AI score 6.5, EPSS 0.19994
Exploits: 0, References: 28

UbuntuCve
added 2019/01/30 12:0 a.m., 38 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...

CVSS 5.3, AI score 6.8, EPSS 0.19404
Exploits: 0, References: 3

UbuntuCve
added 2019/01/30 12:0 a.m., 53 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

CVSS 7.5, AI score 6.7, EPSS 0.19994
Exploits: 0, References: 3

OSV
added 2019/01/30 12:0 a.m., 2 views

UBUNTU-CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

CVSS 7.5, AI score 6.7, EPSS 0.19994
Exploits: 0, References: 4

OSV
added 2019/01/30 12:0 a.m., 3 views

UBUNTU-CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...

CVSS 5.3, AI score 6.8, EPSS 0.19404
Exploits: 0, References: 4

Apache Httpd
added 2019/01/29 12:0 a.m., 117 views

Apache Httpd < 2.4.39 : mod_auth_digest access control bypass

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5, AI score 2, EPSS 0.17666
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2019/01/25 12:0 a.m., 53 views

Amazon Linux 2 : httpd (ALAS-2019-1155)

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2...

CVSS 5.9, AI score 6.5, EPSS 0.51002
Exploits: 0, References: 2

NCSC
added 2019/01/24 12:0 a.m., 5 views

Vulnerabilities fixed in Apache HTTP Server

Several vulnerabilities have been fixed in Apache HTTP Server. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to reuse an expired session cookie. Apache Software Foundation has made updates available for Apache HTTP Server to...

CVSS 7.5, AI score 7.8, EPSS 0.59942
Exploits: 0

CNVD
added 2019/01/24 12:0 a.m., 9 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2019-04946)

Apache HTTP Server is an open source web server from the Apache Software Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in the handling of client-side renegotiation by mod_ssl in httpd in Apache HTTP Serve...

CVSS 7.5, AI score 8.7, EPSS 0.59942
Exploits: 0, References: 1

Positive Technologies
added 2019/01/23 12:0 a.m., 7 views

PT-2019-3931 · Apache +3 · Apache Http Server +3

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.37 through 2.4.38. Description: The issue is related to a flaw in the mod_ssl component of the Apache HTTP Server, specifically concerning inadequate access control. This flaw can be exploited by a remote attack...

CVSS 9, AI score 6.7, EPSS 0.65005
Exploits: 9, References: 83

IBM Security Bulletins
added 2019/01/22 4:30 p.m., 42 views

Security Bulletin: Security Vulnerability in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Configuration Manager (CVE-2015-3183)

Summary: There are vulnerabilities reported in IBM Websphere 7.0.0.37. IBM Tivoli Netcool Configuration Manager is affected by the following. Request smuggling vulnerability may affect the IBM HTTP Server used by IBM WebSphere Application Server. Vulnerability Details: CVEID: CVE-2015-3183...

CVSS 5, AI score 0.1, EPSS 0.73327
Exploits: 0, Affected Software: 1

RedHat Linux
added 2019/01/22 1:42 p.m., 145 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 6 security and bug fix update

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...

CVSS 7.5, AI score 7, EPSS 0.94494
Exploits: 3, References: 4

RedHat Linux
added 2019/01/22 1:36 p.m., 141 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 6 security and bug fix update

An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

CVSS 7.5, AI score 7, EPSS 0.94494
Exploits: 3, References: 4