36 matches found

Debian CVE
added 2020/06/02 6:25 p.m., 25 views

CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVSS 7.5, AI score 7.5, EPSS 0.04404
Exploits: 1

Prion
added 2019/04/08 9:29 p.m., 37 views

Race condition

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 6, AI score 7.3, EPSS 0.17666
Exploits: 0, References: 39, Affected Software: 10

NVD
added 2019/04/08 9:29 p.m., 32 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5, AI score 7.5, EPSS 0.17666
Exploits: 0, References: 39

OSV
added 2019/04/08 9:29 p.m., 3 views

DEBIAN-CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5, AI score 6.7, EPSS 0.17666
Exploits: 0, References: 1

Cvelist
added 2019/04/08 8:11 p.m., 76 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

AI score 7.7, EPSS 0.17666
Exploits: 0, References: 39

Debian CVE
added 2019/04/08 8:11 p.m., 50 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5, AI score 7, EPSS 0.17666
Exploits: 0

AlpineLinux
added 2019/04/08 8:11 p.m., 58 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5, AI score 7.8, EPSS 0.17666
Exploits: 0

Tenable Nessus
added 2019/04/08 12:0 a.m., 66 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0888-1)

This update for apache2 fixes the following issues: CVE-2018-17199: A bug in Apache's 'mod_session_cookie' led to an issue where the module did not respect a cookie's expiry time. bsc1122839 CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout a...

CVSS 7.5, AI score 7, EPSS 0.19994
Exploits: 0, References: 10

Tenable Nessus
added 2019/04/04 12:0 a.m., 57 views

Debian DLA-1748-1 : apache2 security update

Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was...

CVSS 7.5, AI score 7.1, EPSS 0.1786
Exploits: 0, References: 4

UbuntuCve
added 2019/04/02 12:0 a.m., 50 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5, AI score 7, EPSS 0.17666
Exploits: 0, References: 4

OSV
added 2019/03/21 4:1 p.m., 4 views

CVE-2019-6973

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds...

CVSS 7.5, AI score 7.1, EPSS 0.13776
Exploits: 5, References: 3

Metasploit
added 2017/12/29 7:16 p.m., 46 views

Brother Debut http Denial Of Service

The Debut embedded HTTP server 'Brother Debut http Denial Of Service', 'Description' = %q The Debut embedded HTTP server MSFLICENSE, 'Author' = 'z00n ', vulnerability disclosure 'h00die' metasploit module , 'References' = 'CVE', '2017-16249' , 'URL',...

CVSS 7.5, AI score 0.2, EPSS 0.59386
Exploits: 7

RedHat Linux
added 2012/05/07 6:13 p.m., 6 views

httpd: NULL pointer dereference crash in mod_log_config

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a nam...

CVSS 2.6, AI score 7.3, EPSS 0.30809
Exploits: 0, References: 4

Ubuntu
added 2010/11/18 5:48 a.m., 70 views

USN-1018-1: OpenSSL vulnerability

Rob Hulswit discovered a race condition in the OpenSSL TLS server extension parsing code when used within a threaded server. A remote attacker could trigger this flaw to cause a denial of service or possibly execute arbitrary code with application privileges. CVE-2010-3864...

CVSS 7.6, AI score 8, EPSS 0.22145
Exploits: 0

Exploit DB
added 2003/09/25 12:0 a.m., 25 views

GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1)

// source: https://www.securityfocus.com/bid/8699/info cfengine is prone to a stack-based buffer overrun vulnerability. This issue may be exploited by remote attackers who can send malicious transaction packets to cfservd. This issue is due to insufficient bounds checking of data that is read in...

AI score 7.4
Exploits: 0

Apache Httpd
added 2003/04/25 12:0 a.m., 36 views

Apache Httpd < 2.0.46 : Basic Authentication DoS

A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used...

CVSS 5, AI score 5.2, EPSS 0.15122
Exploits: 0, Affected Software: 1