1041 matches found
CVE-2018-17082
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c...
CVE-2018-17082
The CVE-2018-17082 entry covers a cross-site scripting vulnerability in the Apache2 module of PHP. Affected releases are PHP with Apache2 handler: PHP 5.6.38 and earlier in 5.6.x; 7.0.x before 7.0.32; 7.1.x before 7.1.22; and 7.2.x before 7.2.10. The root cause is mishandling of the bucket brigad...
CVE-2018-17082
Removed by vendor...
Internet Bug Bounty: Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS
Hey, Chunked requests can trigger xss and html injection at any end point because the APR_BRIGADE_INSERT_TAIL(brigade, bucket) is getting destroyed by other handlers. Affected versions: Any OS: Any https://bugs.php.net/bug.php?id=76 Prashanths-MacBook-Pro: prashanthvarma$ nc localhost 80 POST /lol.php...
[slackware-security] php
New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/php-5.6.38-i586-1slack14.2.txz: Upgraded. One security bug has been fixed in this release: Apache2: XSS due to the header...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:2554-1)
This update for apache2 fixes the following issues: Security issues fixed: CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chai...
openSUSE Security Update : apache2 (openSUSE-2018-893)
This update for apache2 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). This update was imported from the SUSE:SLE-12-SP2:Update...
openSUSE Security Update : apache2 (openSUSE-2018-907)
This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). - CVE-2018-8011: Fixed a NULL pointer dereference in...
Security update for apache2 (moderate)
This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). - CVE-2018-8011: Fixed a null pointer dereference in modm...
openSUSE: Security Advisory for apache2 (openSUSE-SU-2018:2397-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for apache2 (moderate)
This update for apache2 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). This update was imported from the SUSE:SLE-12-SP2:Update...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:2336-1)
This update for apache2 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). Note that Tenable Network Security has extracted the...
SUSE-SU-2018:2336-1 Security update for apache2
This update for apache2 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests (bsc#1101689)...
Security fix for the ALT Linux 9 package apache2 version 1:2.4.34-alt1
July 31, 2018 Anton Farygin 1:2.4.34-alt1 - 2.4.34 - fixes: CVE-2018-1333 DoS for HTTP/2 connections by crafted requests; CVE-2018-8011 mod_md, DoS via Coredumps on specially crafted requests...
Security fix for the ALT Linux 10 package apache2 version 1:2.4.34-alt1
July 31, 2018 Anton Farygin 1:2.4.34-alt1 - 2.4.34 - fixes: CVE-2018-1333 DoS for HTTP/2 connections by crafted requests; CVE-2018-8011 mod_md, DoS via Coredumps on specially crafted requests...
Security fix for the ALT Linux 8 package apache2 version 1:2.4.34-alt1
July 31, 2018 Anton Farygin 1:2.4.34-alt1 - 2.4.34 - fixes: CVE-2018-1333 DoS for HTTP/2 connections by crafted requests; CVE-2018-8011 mod_md, DoS via Coredumps on specially crafted requests...
Security Bulletin: Multiple vulnerabilities in apache2 affect IBM Flex System Manager (FSM)
Summary Multiple vulnerabilities have been identified in apache2 that is embedded in the FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-3167 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the use of the...