USN-3627-1: Apache HTTP Server vulnerabilities

Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server modauthnzldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2017-15710 Elar Lang discovered that...

[SECURITY] Fedora 27 Update: php-7.1.16-1.fc27

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Fedora 27 : httpd (2018-375e3244b6)

This update includes the latest upstream release of the Apache HTTP Server, version 2.4.33. A number of security vulnerabilities are fixed in this release : - Low: Possible out of bound read in modcachesocache CVE-2018-1303 - Low: Possible out of bound access after failure in reading the HTTP...

[ASA-201804-4] apache: multiple issues

Arch Linux Security Advisory ASA-201804-4 ========================================= Severity: Medium Date : 2018-04-04 CVE-ID : CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 Package : apache Type : multiple issues Remote : Yes Link :...

Debian DSA-4164-1 : apache2 - security update

Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that modauthnzldap, if configured with AuthLDAPCharsetConfig, could cause an out of bound write if supplied with a crafted Accept-Language header. This could potentially be...

Apache HTTP Server Multiple Vulnerabilities (Apr 2018) - Linux

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

Apache HTTP Server Denial of Service Vulnerability (Apr 2018) - Linux

Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server Multiple Vulnerabilities (Apr 2018) - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

Apache HTTP Server Denial of Service Vulnerability-02 (Apr 2018) - Linux

Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server Denial of Service Vulnerability (Apr 2018) - Windows

Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2018-9157

An issue was discovered on AXIS M1033-W IP camera Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server modinclude...

CVE-2018-9156

An issue was discovered on AXIS P1354 IP camera Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server modinclude modul...

Cross site request forgery (csrf)

DISPUTED An issue was discovered on AXIS P1354 IP camera Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server...

Cross site request forgery (csrf)

DISPUTED An issue was discovered on AXIS M1033-W IP camera Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server...

CVE-2018-9156

An issue was discovered on AXIS P1354 IP camera Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server modinclude modul...

CVE-2018-9157

An issue was discovered on AXIS M1033-W IP camera Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server modinclude...

CVE-2018-9157

AXIS M1033-W IP camera, firmware 5.40.5.1 , is affected by CVE-2018-9157. The issue allows uploading a crafted .shtml webshell via the fileUpload.shtml endpoint, which is interpreted by Apache HTTP Server’s mod_include and can execute system commands. After successful upload, an attacker can perf...

CVE-2018-9156

AXIS P1354 IP camera (Firmware 5.90.1.1) is affected by CVE-2018-9156 due to an upload page that does not verify file types, enabling a webshell upload via fileUpload.shtml for a custom .shtml file. The shell can be interpreted by Apache mod_include (

Apache HTTP Server mod_authnz_ldap Denial of Service Vulnerability

Apache httpd is the U.S. Apache Apache Software Foundation, an open source HTTP server developed and maintained specifically for modern operating systems. A security vulnerability exists in modauthnzldap in Apache httpd versions 2.0.23 through 2.0.65, 2.2.0 through 2.2.34, and 2.4.0 through 2.4.2...

BSA-2018-559

Security Advisory ID : BSA-2018-559 Component : Apache HTTPD Revision : 2.0: Final Apache HTTP Server httpd modsession modulehas an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session"...