Apache -- vulnerability

The Apache httpd Project reports: SECURITY: CVE-2018-17199 modsession: modsessioncookie does not respect expiry time allowing sessions to be reused. SECURITY: CVE-2019-0190 modssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 or earlier with OpenSSL 1.1.1 and later. ...

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

USN-3340-1 apache2 vulnerabilities

Emmanuel Dreyfus discovered that third-party modules using the apgetbasicauthpw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new apgetbasicauthcomponents function for use by third-party modules. CVE-2017-3167 Vasileios...

ALPINE-CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...

UBUNTU-CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...

PT-2016-3171 · Apache +5 · Apache Http Server +5

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server mod ssl versions 2.2.x through 2.2.32 Apache HTTP Server mod ssl versions 2.4.x through 2.4.25 Description: The issue is related to a NULL pointer dereference error in the mod ssl module of the Apache HTTP Server. This erro...

PT-2014-2043 · Php +5 · Mod Php +7

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.4.30 PHP versions 5.5.x prior to 5.5.14 Description: The issue is related to a "type confusion" vulnerability in the phpinfo implementation, which might allow context-dependent attackers to obtain sensitive information...

UBUNTU-CVE-2014-4721

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHPAUTHPW, PHPAUTHTYPE, PHPAUTHUSER, and PHPSELF variables, which might allow context-dependent attackers to obtain sensitive information from process...

Design/Logic Flaw

Unspecified vulnerability in the modssl component in Oracle Secure Backup 10.3.0.2 allows remote attackers to affect integrity and availability via unknown vectors...

apache mod-ssl 2.0.55 拒绝服务漏洞

No description provided by source...

apache mod-ssl 2.0.50 拒绝服务漏洞

No description provided by source...

apache mod-ssl 2.0.50 Denial-of-Service 拒绝服务漏洞

No description provided by source...

DEBIAN-CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

CentOS Security Advisory CESA-2009:1075 (httpd)

The remote host is missing updates to httpd announced in advisory CESA-2009:1075. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-onl...

httpd: mod_ssl per-connection memory leak for connections with zlib compression

Memory leak in the zlibstatefulinit function in crypto/comp/czlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service memory consumption via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server modssl that specify...

mod_ssl ssl_util_uuencode_binary CA issue

Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...