Lucene search
K

4 matches found

CVE
CVE
added 2015/07/20 11:0 p.m.1588 views

CVE-2015-3185

CVE-2015-3185 affects Apache HTTP Server (httpd) 2.4.x up to before 2.4.14. The ap_some_auth_required() function in server/request.c could incorrectly treat a request as authenticated, allowing modules using this API to bypass intended access controls. The issue’s fix/backport is described as imp...

4.3CVSS6.6AI score0.18795EPSS
CVE
CVE
added 2015/07/20 11:0 p.m.842 views

CVE-2015-3183

CVE-2015-3183 affects the Apache HTTP Server (httpd) via a bug in parsing chunked transfer encoding headers, enabling HTTP request smuggling when handling large chunk sizes or invalid chunk extensions (related to modules/http/http_filters.c). The issue is fixed in downstream advisories and patche...

5CVSS6.5AI score0.73327EPSS
CVE
CVE
added 2015/03/08 2:0 a.m.739 views

CVE-2015-0228

Apache HTTP Server mod_lua contains a Denial of Service vulnerability in lua_websocket_read (lua_request.c) affecting versions up to 2.4.12. A remote attacker can crash a child process by sending a crafted WebSocket Ping frame after a Lua script has invoked wsupgrade. The provided documents confi...

5CVSS8.8AI score0.18812EPSS
CVE
CVE
added 2015/07/20 11:0 p.m.136 views

CVE-2015-0253

CVE-2015-0253 affects the Apache HTTP Server 2.4.12. The vulnerability arises in the read_request_line function within server/protocol.c, where the protocol structure member is not initialized. This can enable a remote attacker to trigger a denial-of-service via a NULL pointer dereference and cra...

5CVSS7.9AI score0.14734EPSS