4 matches found
CVE-2015-3185
CVE-2015-3185 affects Apache HTTP Server (httpd) 2.4.x up to before 2.4.14. The ap_some_auth_required() function in server/request.c could incorrectly treat a request as authenticated, allowing modules using this API to bypass intended access controls. The issue’s fix/backport is described as imp...
CVE-2015-3183
CVE-2015-3183 affects the Apache HTTP Server (httpd) via a bug in parsing chunked transfer encoding headers, enabling HTTP request smuggling when handling large chunk sizes or invalid chunk extensions (related to modules/http/http_filters.c). The issue is fixed in downstream advisories and patche...
CVE-2015-0228
Apache HTTP Server mod_lua contains a Denial of Service vulnerability in lua_websocket_read (lua_request.c) affecting versions up to 2.4.12. A remote attacker can crash a child process by sending a crafted WebSocket Ping frame after a Lua script has invoked wsupgrade. The provided documents confi...
CVE-2015-0253
CVE-2015-0253 affects the Apache HTTP Server 2.4.12. The vulnerability arises in the read_request_line function within server/protocol.c, where the protocol structure member is not initialized. This can enable a remote attacker to trigger a denial-of-service via a NULL pointer dereference and cra...