Lucene search
K

15 matches found

CVE
CVE
added 2019/04/08 9:31 p.m.14714 views

CVE-2019-0211

CVE-2019-0211 affects Apache HTTP Server 2.4.17–2.4.38 when using MPM event, worker, or prefork. The issue arises from code executing in less-privileged child processes/threads (including in-process scripting interpreters) that could be exploited to run arbitrary code with the privileges of the p...

7.8CVSS7.2AI score0.65005EPSS
In wildWeb
CVE
CVE
added 2019/08/13 8:50 p.m.5316 views

CVE-2019-9517

CVE-2019-9517 describes an attack against some HTTP/2 implementations where unconstrained internal data buffering can cause a denial of service. The vulnerability arises when an attacker floods a connection with a large number of requests for a large response object while manipulating HTTP/2 flow...

7.8CVSS7.7AI score0.27004EPSS
CVE
CVE
added 2019/06/11 8:49 p.m.4489 views

CVE-2019-0220

CVE-2019-0220 affects Apache HTTP Server 2.4.0–2.4.38. The issue arises when the path component of a request URL contains multiple consecutive slashes; directives like LocationMatch and RewriteRule must account for duplicates in regular expressions because the server may collapse or mishandle the...

5.3CVSS6.4AI score0.1786EPSS
CVE
CVE
added 2019/09/25 4:39 p.m.3676 views

CVE-2019-10098

Apache httpd (2.4.0–2.4.39) is affected by CVE-2019-10098 via mod_rewrite: self-referential redirects can be fooled by encoded newlines, causing redirects to an unexpected URL. Connected advisories confirm affected versions and that exploitation could enable phishing via redirects. Mitigation is ...

6.1CVSS7.7AI score0.73981EPSS
CVE
CVE
added 2019/09/26 2:40 p.m.3494 views

CVE-2019-10082

CVE-2019-10082 affects Apache HTTP Server 2.4.18–2.4.39, where fuzzed network input could cause read-after-free in http/2 session shutdown. Impact: remote, unauthenticated triggering memory faults in httpd workers, enabling potential DoS and other consequences. Connected sources indicate remediat...

9.1CVSS8.9AI score0.16549EPSS
CVE
CVE
added 2019/04/08 8:11 p.m.3445 views

CVE-2019-0217

This CVE affects Apache HTTP Server 2.4.x up to 2.4.38, where a race condition in mod_auth_digest could allow an authenticated user to act as another user and bypass access control. The issue is tied to running in threaded MPMs; the underlying cause is a race condition in authentication handling....

7.5CVSS7.5AI score0.17666EPSS
CVE
CVE
added 2019/01/30 10:0 p.m.3437 views

CVE-2018-17199

In Apache HTTP Server 2.4.x up to 2.4.37, the vulnerability CVE-2018-17199 is caused by mod_session_cookie: the session expiry time is checked before decoding the session, so expiry is ignored for mod_session_cookie sessions. This means session expiry may not be enforced for affected sessions. Th...

7.5CVSS6.4AI score0.19994EPSS
CVE
CVE
added 2019/09/26 2:7 p.m.3426 views

CVE-2019-10092

The CVE-2019-10092 entry concerns Apache HTTP Server 2.4.0–2.4.39 with a limited cross-site scripting in the mod_proxy error page. The vulnerability lets an attacker craft a link on the error page that could mislead users by pointing to a page of the attacker’s choosing, but exploitation requires...

6.1CVSS7.3AI score0.81466EPSS
CVE
CVE
added 2019/06/11 9:2 p.m.2208 views

CVE-2019-0196

The CVE-2019-0196 issue affects Apache HTTP Server 2.4.x (noted in several advisories) where the http/2 request handling could access freed memory during a string comparison to determine the request method, potentially causing incorrect request processing. This is tied to mod_http2 and is describ...

5.3CVSS6AI score0.193EPSS
CVE
CVE
added 2019/06/11 9:35 p.m.2161 views

CVE-2019-0197

The CVE-2019-0197 entry concerns Apache HTTP Server 2.4.34–2.4.38. When HTTP/2 is enabled for an http: host or H2Upgrade is enabled for h2 on an https: host, an Upgrade request from http/1.1 to http/2 that is not the first request on a connection could cause misconfiguration and crash. Servers th...

4.9CVSS5.5AI score0.08441EPSS
CVE
CVE
added 2019/08/15 9:2 p.m.1873 views

CVE-2019-10081

CVE-2019-10081 affects Apache httpd's HTTP/2 implementation (mod_http2) where very early pushes can overwrite memory in the pushing request’s pool, causing crashes. The vulnerable facet is the handling of push headers (not client data) and memory being copied from the configured push link header ...

7.5CVSS8.1AI score0.14563EPSS
CVE
CVE
added 2019/09/26 2:21 p.m.1495 views

CVE-2019-10097

CVE-2019-10097 affects Apache HTTP Server 2.4.32–2.4.39 when mod_remoteip is configured to use a trusted intermediary proxy server via the PROXY protocol. A specially crafted PROXY header can trigger a stack buffer overflow or NULL pointer dereference, potentially crashing the server or impacting...

7.2CVSS8AI score0.52873EPSS
CVE
CVE
added 2019/04/08 7:25 p.m.1367 views

CVE-2019-0215

CVE-2019-0215 affects Apache HTTP Server 2.4.37–2.4.38. A bug in mod_ssl for per-location client certificate verification with TLSv1.3 allowed bypass of configured access controls. Impact is access restriction bypass; no explicit exploitation details provided here. Remediation: upgrade to 2.4.39 ...

7.5CVSS6AI score0.10508EPSS
CVE
CVE
added 2019/01/30 10:0 p.m.1160 views

CVE-2018-17189

CVE-2018-17189 : In Apache HTTP Server 2.4.37 and earlier, mod_http2 can cause a DoS by handling slowloris-style request bodies, unnecessarily occupying a server thread for the h2 stream on HTTP/2 connections. Affected product: Apache HTTP Server with mod_http2. Impact: denial of service via thre...

5.3CVSS6.1AI score0.19404EPSS
CVE
CVE
added 2019/01/30 10:0 p.m.501 views

CVE-2019-0190

Apache HTTP Server mod_ssl denial of service (CVE-2019-0190) occurs when renegotiations are mishandled with OpenSSL 1.1.1+, causing a loop and potential DoS. According to ALAS-2019-1166 and related advisories, the fix is to upgrade to Apache httpd 2.4.38 (mod_ssl 2.4.38) or newer; affected compon...

7.5CVSS7.1AI score0.59942EPSS