Lucene search
K

13 matches found

CVE
CVE
added 2018/03/26 3:0 p.m.7385 views

CVE-2018-1312

CVE-2018-1312 affects Apache httpd 2.2.0–2.4.29 where nonce generation for HTTP Digest authentication was not seeded with a proper pseudo-random seed. This allowed replay across servers in a common Digest configuration. Public advisories (CentOS, Debian, Arch Linux, ALT Linux) fix confirmed in ve...

9.8CVSS7.5AI score0.15885EPSS
CVE
CVE
added 2018/03/26 3:0 p.m.4812 views

CVE-2017-15715

CVE-2017-15715 affects Apache HTTP Server 2.4.0–2.4.29. The issue: the expression could treat a trailing '$' as a newline in a malicious filename, bypassing filename-end checks and potentially allowing uploads that would otherwise be blocked. Documents consistently describe this as a bypass vuln...

8.1CVSS7.2AI score0.86006EPSS
In wild
CVE
CVE
added 2018/03/26 3:0 p.m.3574 views

CVE-2018-1283

In Apache httpd (mod_session) versions 2.4.0–2.4.29, when SessionEnv forwarding is enabled to CGI applications, a remote attacker can influence their content by sending a crafted Session header. This arises from mod_session forwarding data using the HTTP_SESSION variable name, which overlaps with...

5.3CVSS7AI score0.10118EPSS
CVE
CVE
added 2018/03/09 8:0 p.m.3153 views

CVE-2016-8612

CVE-2016-8612 affects Apache HTTP Server mod_cluster prior to httpd 2.4.23, with a flaw in the protocol parsing logic of the load balancer that can cause a Segmentation Fault in the httpd process due to improper input validation. Exploitation details are not provided in the connected documents; r...

4.3CVSS5.2AI score0.04692EPSS
CVE
CVE
added 2018/08/14 1:0 p.m.3114 views

CVE-2016-4975

CVE-2016-4975: Apache HTTP Server is vulnerable to CRLF injection in mod_userdir causing HTTP response splitting. Affected: 2.4.1–2.4.23. Mitigation/fix: upgrade to Apache HTTP Server 2.4.25 (and 2.2.32 for the 2.2 line). The issue is resolved by changes that prohibit CR or LF injection into head...

6.1CVSS6.9AI score0.19798EPSS
CVE
CVE
added 2018/03/26 3:0 p.m.2999 views

CVE-2017-15710

The CVE-2017-15710 issue affects Apache httpd when mod_authnz_ldap is used with AuthLDAPCharsetConfig. A crafted Accept-Language header is looked up in a charset table; if not present, it is truncated to two characters, and values shorter than two characters trigger an out-of-bounds write of a NU...

7.5CVSS7.5AI score0.18197EPSS
CVE
CVE
added 2018/09/25 9:0 p.m.1656 views

CVE-2018-11763

CVE-2018-11763 affects Apache HTTP Server 2.4.17–2.4.34 and targets the HTTP/2 implementation. The issue arises when a client sends continuous, large SETTINGS frames, allowing a single connection to occupy a server thread and CPU time without triggering a connection timeout. Impact is limited to ...

5.9CVSS5.6AI score0.51002EPSS
CVE
CVE
added 2018/06/18 6:0 p.m.1290 views

CVE-2018-1333

CVE-2018-1333 affects Apache HTTP Server. By specially crafting HTTP/2 requests, workers could be allocated 60 seconds longer than necessary, causing worker exhaustion and denial of service. Affected versions: 2.4.18–2.4.30 and 2.4.33; fixed in 2.4.34. The vulnerability originates from the HTTP/2...

7.5CVSS6.3AI score0.17103EPSS
CVE
CVE
added 2018/03/26 3:0 p.m.1179 views

CVE-2018-1301

CVE-2018-1301 affects the Apache HTTP Server (httpd) prior to 2.4.30, caused by an out-of-bounds access after a size limit is reached when reading the HTTP header. Impact described as a crash (low risk for normal usage). Affected component is httpd’s HTTP header parsing; root cause is an out-of-b...

5.9CVSS7.5AI score0.15564EPSS
CVE
CVE
added 2018/03/26 3:0 p.m.1172 views

CVE-2018-1303

CVE-2018-1303: An out-of-bounds read in mod_cache_socache could crash the Apache HTTP Server prior to 2.4.30, enabling a DoS against users of httpd. The issue is discussed across multiple advisories (Debian/ALT Linux/Arch Linux security notes and CentOS RH advisories) and is attributed to imprope...

7.5CVSS7.3AI score0.70783EPSS
CVE
CVE
added 2018/03/26 3:0 p.m.1070 views

CVE-2018-1302

Apache HTTP Server (httpd) before 2.4.30 may write a NULL pointer to freed memory when an HTTP/2 stream is destroyed after handling. This is described as low risk and hard to trigger in standard configurations, with no reproducibility outside debug builds. Affected releases include older 2.4.x li...

5.9CVSS6.4AI score0.13436EPSS
CVE
CVE
added 2018/07/26 5:0 p.m.727 views

CVE-2017-12171

CVE-2017-12171 is a vulnerability reported for Red Hat Enterprise Linux 6.9 with httpd 2.2.15-60. The regression causes comments in the Allow and Deny directives to be parsed incorrectly, potentially allowing a remote attacker to bypass access controls and gain access to a restricted HTTP resourc...

6.5CVSS6.6AI score0.08078EPSS
CVE
CVE
added 2018/07/18 2:0 p.m.389 views

CVE-2018-8011

CVE-2018-8011 affects the Apache httpd mod_md component. By sending specially crafted HTTP requests, the mod_md challenge handler could dereference a NULL pointer and cause the child process to segfault, enabling a denial of service. Impact: DoS via crafted requests; affected version: 2.4.33, fix...

7.5CVSS7.3AI score0.51714EPSS