36 matches found
CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
Race condition
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
DEBIAN-CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0888-1)
This update for apache2 fixes the following issues : CVE-2018-17199: A bug in Apache's 'modsessioncookie' lead to an issue where the module did not respect a cookie's expiry time. bsc1122839 CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout a...
Debian DLA-1748-1 : apache2 security update
Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was...
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
CVE-2019-6973
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server based on gSOAP 2.8.x is configured for an iterative queueing approach aka non-threaded operation with a timeout of several seconds...
Brother Debut http Denial Of Service
The Debut embedded HTTP server 'Brother Debut http Denial Of Service', 'Description' = %q The Debut embedded HTTP server MSFLICENSE, 'Author' = 'z00n ', vulnerability disclosure 'h00die' metasploit module , 'References' = 'CVE', '2017-16249' , 'URL',...
httpd: NULL pointer dereference crash in mod_log_config
The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...
USN-1018-1: OpenSSL vulnerability
Rob Hulswit discovered a race condition in the OpenSSL TLS server extension parsing code when used within a threaded server. A remote attacker could trigger this flaw to cause a denial of service or possibly execute arbitrary code with application privileges. CVE-2010-3864...
GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1)
// source: https://www.securityfocus.com/bid/8699/info cfengine is prone to a stack-based buffer overrun vulnerability. This issue may be exploited by remote attackers who can send malicious transaction packets to cfservd. This issue is due to insufficient bounds checking of data that is read in...
Apache Httpd < 2.0.46 : Basic Authentication DoS
A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used...