Lucene search
K

43 matches found

Mageia
Mageia
added 2020/08/18 5:41 p.m.63 views

Updated apache packages fix security vulnerability

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

9.8CVSS9.5AI score0.90039EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2020/08/13 12:0 a.m.4130 views

Apache 2.4.x < 2.4.46 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.46. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.46 advisory. - Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE CVE-2020-11984 - Apache HTTP Server versio...

9.8CVSS6.8AI score0.90039EPSS
Exploits4References3
Veracode
Veracode
added 2020/08/11 3:25 a.m.43 views

Denial Of Service (DoS)

apache2 is vulnerable to denial of service DoS. The vulnerability exists when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 abov...

7.5CVSS3.7AI score0.58716EPSS
Exploits2References41Affected Software15
OSV
OSV
added 2020/08/07 4:15 p.m.50 views

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

7.5CVSS6.7AI score0.58716EPSS
Exploits2References26
NVD
NVD
added 2020/08/07 4:15 p.m.39 views

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

7.5CVSS8.6AI score0.58716EPSS
Exploits2References26
Prion
Prion
added 2020/08/07 4:15 p.m.42 views

Information disclosure

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

4.3CVSS8.4AI score0.58716EPSS
Exploits2References26Affected Software12
OSV
OSV
added 2020/08/07 4:15 p.m.4 views

UBUNTU-CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

7.5CVSS6.9AI score0.58716EPSS
Exploits2References5
AlpineLinux
AlpineLinux
added 2020/08/07 3:32 p.m.68 views

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

7.5CVSS8.8AI score0.58716EPSS
Exploits2
Debian CVE
Debian CVE
added 2020/08/07 3:32 p.m.90 views

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

7.5CVSS6.6AI score0.58716EPSS
Exploits2
CVE
CVE
added 2020/08/07 3:32 p.m.3075 views

CVE-2020-11993

CVE-2020-11993 affects Apache HTTP Server 2.4.20–2.4.43: when trace/debug is enabled for the HTTP/2 module and certain traffic patterns, logging can be performed on the wrong connection, leading to concurrent use of memory pools. Mitigation in public advisories: set LogLevel for mod_http2 above i...

7.5CVSS8.6AI score0.58716EPSS
In wildExploits2References26Affected Software1
Cvelist
Cvelist
added 2020/08/07 3:32 p.m.94 views

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

8.7AI score0.58716EPSS
Exploits2References26
FreeBSD
FreeBSD
added 2020/08/07 12:0 a.m.108 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd projec reports: modhttp2: Important: Push Diary Crash on Specifically Crafted HTTP/2 Header CVE-2020-9490 A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards...

9.8CVSS0.5AI score0.90039EPSS
Exploits4References2
Positive Technologies
Positive Technologies
added 2020/08/07 12:0 a.m.8 views

PT-2020-5483 · Apache +8 · Apache Http Server +8

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.20 through 2.4.43 Description: The issue is related to the implementation of the HTTP/2 mechanism in the Apache HTTP Server, which can lead to inconsistent interpretation of HTTP requests. This can cause loggin...

9.8CVSS6.5AI score0.90039EPSS
Exploits4References151
Apache Httpd
Apache Httpd
added 2020/06/16 12:0 a.m.167 views

Apache Httpd < 2.4.44 : Push Diary Crash on Specifically Crafted HTTP/2 Header

In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate...

7.5CVSS8.6AI score0.58716EPSS
Exploits2Affected Software1
Slackware Linux
Slackware Linux
added 2020/02/21 12:38 a.m.23 views

[slackware-security] proftpd

New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/proftpd-1.3.6c-i586-1slack14.2.txz: Upgraded. No CVEs assigned, but this sure looks like a security issue: Use-after-fr...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/04/06 12:0 a.m.32 views

Fedora 27 : mod_http2 (2018-0a95bff197)

This update includes the latest upstream release of modhttp2, version 1.10.16. This includes a security fix CVE-2018-1302 : When an HTTP/2 stream was destroyed after being handled, modhttp2 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by th...

5.9CVSS6.8AI score0.13436EPSS
Exploits0References2
Prion
Prion
added 2018/03/26 3:29 p.m.19 views

Null pointer dereference

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

4.3CVSS7.2AI score0.13436EPSS
Exploits0References23Affected Software2
OSV
OSV
added 2018/03/26 3:29 p.m.25 views

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

5.9CVSS6.8AI score0.13436EPSS
Exploits0References23
UbuntuCve
UbuntuCve
added 2018/03/26 12:0 a.m.39 views

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

5.9CVSS6.8AI score0.13436EPSS
Exploits0References4
Apache Httpd
Apache Httpd
added 2018/01/23 12:0 a.m.90 views

Apache Httpd < 2.4.33 : Possible write of after free on HTTP/2 stream shutdown

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter...

5.9CVSS1.6AI score0.13436EPSS
Exploits0Affected Software1
Rows per page
Query Builder