1187 matches found
The vulnerability of the Apache HTTP Server web server, related to operations outside the bounds of a memory buffer, allows attackers to cause service interruptions.
The vulnerability of the Apache HTTP Server is related to operations going beyond the bounds of a memory buffer after the read size limit for HTTP headers is reached. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the RewriteRule module in the Apache web server, related to the use of incorrect URL names, allows attackers to access sensitive data.
The vulnerability of the RewriteRule module in the Apache web server is related to incorrect processing of requests that contain several slash characters /. Exploiting this vulnerability allows an attacker who operates remotely to gain access to confidential data...
The vulnerability of the Apache HTTP Server web server, related to uncontrolled resource consumption, allows attackers to cause service interruptions.
The vulnerability of the Apache HTTP Server web server is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted HTTP/2 requests...
The vulnerability of the HTTP/2 network protocol implementation in the Apache HTTP Server allows an attacker to cause service failures or lead to incorrect server configuration.
The vulnerability of the HTTP/2 web server implementation in Apache HTTP Server is related to deficiencies in HTTP request processing. Exploiting this vulnerability can allow a malicious actor to cause service failures or lead to incorrect server configuration...
RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6 (Important) (RHSA-2019:3932)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3932 advisory. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a...
httpd: mod_session_cookie does not respect expiry time
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...
httpd: mod_http2: possible crash on late upgrade
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...
httpd: mod_http2: read-after-free on a string compare
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...
The vulnerability of the <FilesMatch> component in the Apache HTTP Server allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the <FilesMatch> component in the Apache HTTP Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of protected information...
httpd: URL normalization inconsistency
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the server's processing wi...
The vulnerability of the HTTP/2 network protocol implementation in the Apache HTTP Server allows for uncontrolled resource consumption, enabling attackers to cause service failures.
The vulnerability of the HTTP/2 network protocol implementation in the Apache HTTP Server is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the HTTP/2 network protocol implementation in the Apache HTTP Server allows for uncontrolled resource consumption, enabling attackers to disclose sensitive information.
The vulnerability of the HTTP/2 network protocol implementation in the Apache HTTP Server is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...
The vulnerability of the HTTP/2 web server implementation of Apache HTTP Server, related to reading beyond the buffer in memory, allows attackers to cause service failures.
The vulnerability of the HTTP/2 web server implementation in Apache HTTP Server is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
Mail.ru: Information disclosure with sensitive data
Apache server status was available at touch.mail.ru, leaking some requests information...
DEBIAN-CVE-2019-10097
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by a trusted pro...
ALPINE-CVE-2019-10097
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by a trusted pro...
SKA - Simple Karma Attack
SKA allows you to implement a very simple and fast karma attack. You can sniff probe requests to choose the fake AP name or, if you want, you could manually insert the name of the AP evil twin attack. When the target has connected to your WLAN you could activate the HTTP redirection and perform a...
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in the Apache HTTP Server. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Access to sensitive data. Denial-of-Service (DoS). Cross-Site Scripting (XSS). Apache has made updates available...
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
Various implementations of HTTP/2, the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for bett...