5762 matches found
CVE-2018-1303
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache. The vulnerability is considere...
CVE-2018-1283
It has been discovered that the modsession module of Apache HTTP Server httpd, through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header...
CVE-2018-1302
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...
CVE-2018-1301
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode both log and build level...
apache -- multiple vulnerabilities
The Apache httpd reports: Out of bound write in modauthnzldap with AuthLDAPCharsetConfig enabled CVE-2017-15710 modsession: CGI-like applications that intend to read from modsession's 'SessionEnv ON' could be fooled into reading user-supplied data instead. CVE-2018-1283 modcachesocache: Fix reque...
KLA12361 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Out of bounds read vulnerability in modcachesocache...
Apache HTTP Server 'mod_cluster' DoS Vulnerability - Linux
Apache HTTP Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache HTTP Server 'mod_cluster' Denial of Service Vulnerability - Windows
Apache HTTP Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS Update for php CESA-2018:0406 centos7
Check the version of php SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882850";...
Solaris 10 (x86) : 120544-34
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Apache HTTP Server. The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in...
CentOS 7 : php (CESA-2018:0406)
An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Solaris 10 (sparc) : 120543-34
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Apache HTTP Server. The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in...
Solaris 10 (x86) : 120544-33
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Apache HTTP Server. The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in...
Solaris 10 (sparc) : 120543-35
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Apache HTTP Server. The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in...
Solaris 10 (x86) : 120544-35
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Apache HTTP Server. The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in...
php security update
CentOS Errata and Security Advisory CESA-2018:0406 An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Input validation
Apache HTTP Server modcluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process...
CVE-2016-8612
Apache HTTP Server modcluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process...
Oracle Linux 7 : php (ELSA-2018-0406)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-0406 advisory. 5.4.16-43.1 - gd: fix buffer over-read into uninitialized memory CVE-2017-7890 Tenable has extracted the preceding description block directly from the Oracle...
RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 2 (RHSA-2018:0466)
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...