24 matches found
Astra Linux - уязвимость в apache2
Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor can the Apache HTTP Server team have created such a report. However, certain compilers and/or compilation options...
Exploit for Observable Timing Discrepancy in Apache Http_Server
CTT-enhanced-Apache-modauthdigest-timing-attack-exploit CTT-...
BIT-APACHE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack
A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
SUSE CVE-2026-33006
A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
UBUNTU-CVE-2026-33006
A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
DEBIAN-CVE-2026-33006
A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
CVE-2026-33006
A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
CVE-2026-33006
A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack
A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
EUVD-2026-26961
A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
MiracleLinux 7 : httpd-2.4.6-89.0.1.el7.AXS7 (AXSA:2019-3965:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3965:02 advisory. httpd: Weak Digest auth nonce generation in modauthdigest CVE-2018-1312 Tenable has extracted the preceding description block directly from the MiracleLinux...
CLSA-2025-1751271625 httpd: Fix of CVE-2020-35452
CVE-2020-35452: modauthdigest: Fix single zero byte stack overflow...
SUSE CVE-2020-35452
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...
httpd: Single zero byte stack overflow in mod_auth_digest
A flaw was found in Apache httpd. The modauthdigest has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CLSA-2021-1633601543 Fix of CVE: CVE-2020-35452
CVE-2020-35452: fix stack overflow in modauthdigest due to crafted digest nonce...
AZL-6475 CVE-2020-35452 affecting package httpd for versions less than 2.4.46-10
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...
DEBIAN-CVE-2020-35452
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...
httpd: mod_auth_digest: access control bypass due to race condition
A race condition was found in modauthdigest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
httpd: Uninitialized memory reflection in mod_auth_digest
It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...
httpd: Uninitialized memory reflection in mod_auth_digest
It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...