Updated apache packages fix security vulnerability

modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC CVE-2016-0736...

httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)

A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash...

[SECURITY] [DSA 3980-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3980-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3980-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3980-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2017 https://www.debian.org/security/faq -...

Ubuntu: Security Advisory (USN-3425-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3425-1 apache2 vulnerability

Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed...