Lucene search
K

633 matches found

AlpineLinux
AlpineLinux
added 2019/04/08 7:25 p.m.57 views

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...

7.5CVSS6.4AI score0.10508EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/04/08 12:0 a.m.74 views

Apache HTTP Server < 2.4.39 Multiple Vulnerabilities

Binary data 700509.prm...

7.8CVSS6.9AI score0.65005EPSS
Exploits8References7
Tenable Nessus
Tenable Nessus
added 2019/04/08 12:0 a.m.50 views

Apache 2.4.x < 2.4.39 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.39. It is, therefore, affected by multiple vulnerabilities: - A privilege escalation vulnerability exists in module scripts due to an ability to execute arbitrary code as the parent process by...

7.8CVSS8.5AI score0.65005EPSS
Exploits8References8
Tenable Nessus
Tenable Nessus
added 2019/04/08 12:0 a.m.252 views

Fedora 29 : httpd (2019-119b14075a)

This update includes the latest upstream release of Apache httpd, version 2.4.39, including multiple bug and security fixes. To see the full list of changes in this release, see: https://www.apache.org/dist/httpd/CHANGES2.4.39 The following security vulnerabilities are addressed : - CVE-2019-0211...

7.8CVSS7AI score0.65005EPSS
Exploits8References5
OpenVAS
OpenVAS
added 2019/04/08 12:0 a.m.82 views

Apache HTTP Server < 2.4.39 mod_ssl Access Control Bypass Vulnerability - Windows

In Apache HTTP Server a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpte...

7.5CVSS7.6AI score0.10508EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2019/04/08 12:0 a.m.162 views

Apache HTTP Server < 2.4.39 mod_ssl Access Control Bypass Vulnerability - Linux

In Apache HTTP Server a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpte...

7.5CVSS7.6AI score0.10508EPSS
Exploits0References1
Amazon
Amazon
added 2019/04/04 12:0 a.m.120 views

Important: httpd

Issue Overview: In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually root by manipulati...

7.8CVSS7.8AI score0.65005EPSS
Exploits8
ALT Linux
ALT Linux
added 2019/04/03 12:0 a.m.77 views

Security fix for the ALT Linux 8 package apache2 version 1:2.4.39-alt1

1:2.4.39-alt1 built April 3, 2019 Anton Farygin in task 226418 April 2, 2019 Anton Farygin - 2.4.39 - fixes: Apache HTTP Server privilege escalation from modules scripts. CVE-2019-0211 modauthdigest access control bypass. CVE-2019-0217 modssl access control bypass. CVE-2019-0215 Apache httpd URL...

7.2CVSS7.4AI score0.65005EPSS
Exploits8
The Hacker News
The Hacker News
added 2019/04/02 5:38 p.m.230 views

New Apache Web Server Bug Threatens Security of Shared Web Hosts

Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software. The Apache web server is one of the most popular, widely used open-source web servers in...

7.8CVSS0.65005EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2019/04/02 10:50 a.m.49 views

CVE-2019-0215

A flaw was found in Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38. A bug in modssl, when using per-location client certificate verification with TLSv1.3, allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. An attacker could perform vario...

7.5CVSS2.2AI score0.10508EPSS
Exploits0References5
Kaspersky
Kaspersky
added 2019/04/01 12:0 a.m.58 views

KLA12365 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Denial of service...

7.8CVSS9.5AI score0.65005EPSS
Exploits8References3
FreeBSD
FreeBSD
added 2019/04/01 12:0 a.m.77 views

Apache -- Multiple vulnerabilities

The Apache httpd Project reports: Apache HTTP Server privilege escalation from modules' scripts CVE-2019-0211 important modauthdigest access control bypass CVE-2019-0217 important modssl access control bypass CVE-2019-0215 important modhttp2, possible crash on late upgrade CVE-2019-0197 low...

7.8CVSS1.4AI score0.65005EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2019/03/12 12:0 a.m.52 views

Amazon Linux AMI : httpd24 (ALAS-2019-1166)

In Apache HTTP server by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections. CVE-2018-17189 A bug exists in the way modssl handled client...

7.5CVSS6.3AI score0.59942EPSS
Exploits0References4
Amazon
Amazon
added 2019/03/06 12:0 a.m.228 views

Important: httpd24

Issue Overview: In Apache HTTP server by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections. CVE-2018-17189 A bug exists in the way modss...

7.5CVSS6.8AI score0.59942EPSS
Exploits0
Kaspersky
Kaspersky
added 2019/02/28 12:0 a.m.48 views

KLA12364 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in modsessioncookie can be exploited to spoof user interface. 2...

7.5CVSS7.3AI score0.59942EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/20 10:0 p.m.59 views

Security Bulletin: Vulnerabilities CVE-2018-17199, CVE-2018-17189, and CVE-2019-0190 in the IBM i HTTP Server affect IBM i.

Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-0190 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the improper handling of client negotiations by modssl. By sending a specially crafted...

7.5CVSS1.2AI score0.59942EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2019/02/05 12:0 a.m.431 views

Apache HTTP Server 2.4.37 mod_ssl DoS Vulnerability - Windows

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

7.5CVSS7.3AI score0.59942EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2019/02/05 12:0 a.m.108 views

Apache HTTP Server 2.4.37 mod_ssl DoS Vulnerability - Linux

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

7.5CVSS7.3AI score0.59942EPSS
Exploits0References1
NVD
NVD
added 2019/01/30 10:29 p.m.28 views

CVE-2019-0190

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

7.5CVSS7.3AI score0.59942EPSS
Exploits0References20
Prion
Prion
added 2019/01/30 10:29 p.m.37 views

Design/Logic Flaw

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

5CVSS7.1AI score0.59942EPSS
Exploits0References20Affected Software5
Rows per page
Query Builder