142 matches found

Prion
added 2019/01/30 10:29 p.m., 35 views

Session fixation

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

5 CVSS, 7.4 AI score, 0.19994 EPSS
Exploits 0, References 28, Affected Software 4
NVD
added 2019/01/30 10:29 p.m., 30 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

7.5 CVSS, 7.5 AI score, 0.19994 EPSS
Exploits 0, References 28
OSV
added 2019/01/30 10:29 p.m., 43 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

7.5 CVSS, 7.5 AI score
Exploits 0, References 28
CVE
added 2019/01/30 10:0 p.m., 3430 views

CVE-2018-17199

In Apache HTTP Server 2.4.x up to 2.4.37, the vulnerability CVE-2018-17199 is caused by mod_session_cookie: the session expiry time is checked before decoding the session, so expiry is ignored for mod_session_cookie sessions. This means session expiry may not be enforced for affected sessions. Th...

7.5 CVSS, 6.4 AI score, 0.19994 EPSS
Exploits 0, References 28, Affected Software 1
Cvelist
added 2019/01/30 10:0 p.m., 79 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

6.5 AI score, 0.19994 EPSS
Exploits 0, References 28
AlpineLinux
added 2019/01/30 10:0 p.m., 52 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

7.5 CVSS, 6.7 AI score, 0.19994 EPSS
Exploits 0
UbuntuCve
added 2019/01/30 12:0 a.m., 54 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

7.5 CVSS, 6.7 AI score, 0.19994 EPSS
Exploits 0, References 3
Debian
added 2019/01/29 9:28 p.m., 145 views

[SECURITY] [DLA 1647-1] apache2 security update

Package : apache2 Version : 2.4.10-10+deb8u13 CVE ID : CVE-2018-17199 Diego Angulo from ImExHS discovered an issue in the webserver apache2. The module mod_session ignored the expiry time of sessions handled by mod_session_cookie, because the expiry time is available only after decoding the session...

7.5 CVSS, 6.7 AI score, 0.19994 EPSS
Exploits 0
OpenVAS
added 2019/01/29 12:0 a.m., 50 views

Debian: Security Advisory (DLA-1647-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 8 AI score, 0.19994 EPSS
Exploits 0, References 3
Tenable Nessus
added 2019/01/24 12:0 a.m., 279 views

FreeBSD : Apache -- vulnerability (eb888ce5-1f19-11e9-be05-4c72b94353b5)

The Apache httpd Project reports : SECURITY: CVE-2018-17199 mod_session: mod_session_cookie does not respect expiry time allowing sessions to be reused. SECURITY: CVE-2019-0190 mod_ssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 or earlier with OpenSSL 1.1.1 and later...

7.5 CVSS, 6.4 AI score, 0.59942 EPSS
Exploits 0, References 6
ArchLinux
added 2019/01/24 12:0 a.m., 64 views

[ASA-201901-14] apache: multiple issues

Arch Linux Security Advisory ASA-201901-14 ========================================== Severity: High Date : 2019-01-24 CVE-ID : CVE-2018-17189 CVE-2018-17199 CVE-2019-0190 Package : apache Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-857 Summary ======= The packag...

7.5 CVSS, 1.2 AI score, 0.59942 EPSS
Exploits 0, References 5
RedhatCVE
added 2019/01/22 9:50 p.m., 55 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

7.5 CVSS, 0.7 AI score, 0.19994 EPSS
Exploits 0, References 2
Mageia
added 2018/11/20 11:11 a.m., 66 views

Updated apache packages fix security vulnerabilities

mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two...

9.8 CVSS, 1.1 AI score, 0.86006 EPSS
Exploits 0, References 6
OSV
added 2018/11/20 11:11 a.m., 18 views

MGASA-2018-0460 Updated apache packages fix security vulnerabilities

mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two...

9.8 CVSS, 6.9 AI score, 0.86006 EPSS
Exploits 0, References 7
RedHat Linux
added 2018/11/13 8:36 a.m., 5 views

httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications

It has been discovered that the mod_session module of Apache HTTP Server httpd, through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header...

5.3 CVSS, 7.2 AI score, 0.10118 EPSS
Exploits 0, References 4
Tenable Nessus
added 2018/05/14 12:0 a.m., 40 views

Fedora 26 : httpd (2018-e6d9251471)

This update : - fixes the mod_md default store directory - fixes a startup failure in certain mod_ssl vhost configurations ---- This update includes the latest upstream release of the Apache HTTP Server, version 2.4.33. A number of security vulnerabilities are fixed in this release : - Low: Possibl...

9.8 CVSS, 6.5 AI score, 0.86006 EPSS
Exploits 0, References 7
OpenVAS
added 2018/05/08 12:0 a.m., 43 views

Ubuntu: Security Advisory (USN-3627-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 7.2 AI score, 0.86006 EPSS
Exploits 0, References 2
Tenable Nessus
added 2018/05/04 12:0 a.m., 254 views

Amazon Linux AMI : httpd24 (ALAS-2018-1004)

Use-after-free on HTTP/2 stream shutdown When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to...

9.8 CVSS, 6.3 AI score, 0.86006 EPSS
Exploits 0, References 8
Amazon
added 2018/05/03 12:0 a.m., 66 views

Medium: httpd24

Issue Overview: Use-after-free on HTTP/2 stream shutdown When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this...

9.8 CVSS, 7.3 AI score, 0.86006 EPSS
Exploits 0
Ubuntu
added 2018/04/30 4:34 p.m., 133 views

USN-3627-2: Apache HTTP Server vulnerabilities

USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A...

9.8 CVSS, 6.6 AI score, 0.86006 EPSS
Exploits 0