Lucene search
K

11 matches found

CVE
CVE
added 2017/06/20 1:0 a.m.22685 views

CVE-2017-7679

CVE-2017-7679 affects Apache HTTP Server (httpd) mod_mime. A buffer over-read allows reading one byte past the end of a buffer when sending a malicious Content-Type header, potentially enabling a crash or memory access issues. Affected products include httpd 2.2.x before 2.2.33 and 2.4.x before 2...

9.8CVSS9.5AI score0.39341EPSS
CVE
CVE
added 2017/06/20 1:0 a.m.7623 views

CVE-2017-3167

CVE-2017-3167 affects Apache httpd 2.2.x prior to 2.2.33 and 2.4.x prior to 2.4.26. The issue is that third‑party modules using ap_get_basic_auth_pw() outside the authentication phase can bypass authentication requirements. Connected sources confirm the impact and upstream fixes: update to httpd ...

9.8CVSS9.6AI score0.20231EPSS
CVE
CVE
added 2017/06/20 1:0 a.m.6046 views

CVE-2017-7668

CVE-2017-7668: Apache httpd contains a buffer over-read in ap_find_token() caused by strict HTTP parsing changes in 2.2.32 and 2.4.24. A remote attacker can craft headers to crash the httpd process or have ap_find_token() return an incorrect value. Affected distributions have addressed this by up...

7.5CVSS8.4AI score0.57472EPSS
CVE
CVE
added 2017/06/20 1:0 a.m.5929 views

CVE-2017-3169

CVE-2017-3169 affects Apache HTTP Server (httpd) up to the fixed versions: 2.2.x before 2.2.33 and 2.4.x before 2.4.26. The vulnerability is a NULL pointer dereference in the httpd’s mod_ssl component when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS po...

9.8CVSS9.4AI score0.19953EPSS
CVE
CVE
added 2017/09/18 3:0 p.m.3410 views

CVE-2017-9798

CVE-2017-9798 affects the Apache HTTP Server (httpd) up to 2.4.27 and 2.2.34. A use-after-free flaw in how httpd handles invalid/previously unregistered HTTP methods specified by the Limit directive (used in .htaccess or certain httpd.conf configurations) can allow a remote, unauthenticated attac...

7.5CVSS7.7AI score0.94999EPSS
CVE
CVE
added 2017/07/13 4:0 p.m.3291 views

CVE-2017-9788

Apache httpd vulnerability CVE-2017-9788 stems from mod_auth_digest not initializing or resetting the value placeholder in Digest Proxy-Authorization headers between key=value assignments, which can leak previous memory data or cause a segfault/DoS. Affected: httpd 2.2.34 and 2.4.x prior to 2.4.2...

9.1CVSS8.4AI score0.5677EPSS
CVE
CVE
added 2017/07/27 9:0 p.m.2277 views

CVE-2016-8743

The CVE-2016-8743 issue affects Apache HTTP Server. It concerns how whitespace is accepted in requests and sent in response lines and headers in all releases before 2.2.32 and 2.4.25. The root problem is liberal whitespace handling, which can enable request smuggling, response splitting, and cach...

7.5CVSS7.7AI score0.13252EPSS
CVE
CVE
added 2017/07/27 9:0 p.m.1802 views

CVE-2016-0736

CVE-2016-0736 affects Apache HTTP Server’s mod_session_crypto (2.4.0–2.4.23). It used CBC/ECB modes (AES256-CBC by default) without authenticated encryption, enabling padding oracle-style attacks. The fix is to upgrade to Apache HTTPD 2.4.25 (or later) where mod_session_crypto is updated to authe...

7.5CVSS7.5AI score0.49024EPSS
Web
CVE
CVE
added 2017/07/27 9:0 p.m.1707 views

CVE-2016-2161

CVE-2016-2161 affects Apache HTTP Server 2.4.0–2.4.23 in the mod_auth_digest pathway. Malicious input to mod_auth_digest could cause the server to crash, and subsequent valid requests could still trigger crashes. The connected advisory pages confirm Apache’s fix to 2.4.25 (and related advisories)...

7.5CVSS7.5AI score0.20952EPSS
CVE
CVE
added 2017/07/26 9:0 p.m.625 views

CVE-2017-7659

The CVE-2017-7659 issue affects the Apache HTTP Server (mod_http2) where a malicious HTTP/2 request could dereference a NULL pointer and crash the server process. Concrete details across connected docs show this vulnerability in Apache httpd before a fixed release (2.4.26) and are addressed by va...

7.5CVSS8.2AI score0.53939EPSS
CVE
CVE
added 2017/07/13 4:0 p.m.270 views

CVE-2017-9789

CVE-2017-9789 concerns Apache httpd 2.4.26. The HTTP/2 handling code may access memory after it has been freed when under stress (closing many connections), leading to erratic behavior. Connected advisories confirm the vulnerability is in mod_http2 and suggest upgrading to a fixed version (e.g., ...

7.5CVSS8.2AI score0.09507EPSS