Http Server@2.4.29 Security Vulnerabilities and Issues — Http Server@2.4.29 CVE List

Lucene search

ApacheHttp Server2.4.29

3 matches found

CVE•added 2018/03/26 3:29 p.m.•7165 views

CVE-2018-1312

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed acros...

9.8CVSS7.5AI score0.09062EPSS

CVE•added 2018/03/26 3:29 p.m.•2910 views

CVE-2017-15710

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conv...

7.5CVSS7.5AI score0.11702EPSS

CVE•added 2019/01/30 10:29 p.m.•1091 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

5.3CVSS6.1AI score0.04923EPSS