7 matches found
httpd: mod_session_cookie does not respect expiry time
In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...
httpd: mod_session_cookie does not respect expiry time
In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7
An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
httpd: mod_session_cookie does not respect expiry time
In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...
httpd: mod_session_cookie does not respect expiry time
In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...
UBUNTU-CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...
Apache 2.4.x < 2.4.38 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.38. It is, therefore, affected by multiple vulnerabilities: - A denial of service DoS vulnerability exists in HTTP/2 steam handling. An unauthenticated, remote attacker can exploit this issue, via...