VuXML ID | Description |
76b085e2-9d33-11e7-9260-000c292ee6b8 | Apache -- HTTP OPTIONS method can leak server memory
The Fuzzing Project reports:
Apache httpd allows remote attackers to read secret data from
process memory if the Limit directive can be set in a user's
.htaccess file, or if httpd.conf has certain misconfigurations,
aka Optionsbleed. This affects the Apache HTTP Server through
2.2.34 and 2.4.x through 2.4.27. The attacker sends an
unauthenticated OPTIONS HTTP request when attempting to read
secret data. This is a use-after-free issue and thus secret data
is not always sent, and the specific data depends on many factors
including configuration. Exploitation with .htaccess can be
blocked with a patch to the ap_limit_section function in
server/core.c.
Discovery 2017-09-18 Entry 2017-09-19
apache24 < 2.4.27_1
apache22 < 2.2.34_1
https://nvd.nist.gov/vuln/detail/CVE-2017-9798
CVE-2017-9798
|
65539c54-2517-11e2-b9d6-20cf30e32f6d | apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports:
low: XSS in mod_negotiation when untrusted uploads are supported CVE-2012-2687
Possible XSS for sites which use mod_negotiation and
allow untrusted uploads to locations which have MultiViews enabled.
low: insecure LD_LIBRARY_PATH handling CVE-2012-0883
This issue was already fixed in port version 2.2.22_5
Discovery 2012-09-13 Entry 2012-11-02
apache22 gt 2.2.0 lt 2.2.23
apache22-event-mpm gt 2.2.0 lt 2.2.23
apache22-itk-mpm gt 2.2.0 lt 2.2.23
apache22-peruser-mpm gt 2.2.0 lt 2.2.23
apache22-worker-mpm gt 2.2.0 lt 2.2.23
CVE-2012-2687
CVE-2012-0833
|
29083f8e-2ca8-11e5-86ff-14dae9d210b8 | apache22 -- chunk header parsing defect
Apache Foundation reports:
CVE-2015-3183 core: Fix chunk header parsing defect. Remove
apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN
filter, parse chunks in a single pass with zero copy. Limit accepted
chunk-size to 2^63-1 and be strict about chunk-ext authorized
characters.
Discovery 2015-06-24 Entry 2015-07-17
apache22, apache22-event-mpm, apache22-itk-mpm, apache22-peruser-mpm, apache22-worker-mpm le 2.2.29_5
http://www.apache.org/dist/httpd/Announcement2.2.html
https://github.com/apache/httpd/commit/29779fd08c18b18efc5e640d74cbe297c7ec007e
CVE-2015-3183
|
f3d24aee-e5ad-11e2-b183-20cf30e32f6d | apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports:
The mod_rewrite module in the Apache HTTP Server 2.2.x before
2.2.25 writes data to a log file without sanitizing
non-printable characters, which might allow remote attackers to
execute arbitrary commands via an HTTP request containing an
escape sequence for a terminal emulator.
mod_dav: Sending a MERGE request against a URI handled by
mod_dav_svn with the source href (sent as part of the request
body as XML) pointing to a URI that is not configured for DAV
will trigger a segfault.
Discovery 2013-06-21 Entry 2013-07-05 Modified 2013-07-10
apache22 gt 2.2.0 lt 2.2.25
apache22-event-mpm gt 2.2.0 lt 2.2.25
apache22-itk-mpm gt 2.2.0 lt 2.2.25
apache22-peruser-mpm gt 2.2.0 lt 2.2.25
apache22-worker-mpm gt 2.2.0 lt 2.2.25
CVE-2013-1862
CVE-2013-1896
|
f927e06c-1109-11e4-b090-20cf30e32f6d | apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports:
mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to
avoid denial of service via highly compressed bodies. See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
DeflateInflateRatioBurst.
mod_cgid: Fix a denial of service against CGI scripts that do not consume
stdin that could lead to lingering HTTPD child processes filling up the
scoreboard and eventually hanging the server. By default, the client I/O
timeout (Timeout directive) now applies to communication with scripts. The
CGIDScriptTimeout directive can be used to set a different timeout for
communication with scripts.
Fix a race condition in scoreboard handling, which could lead to a heap
buffer overflow.
core: HTTP trailers could be used to replace HTTP headers late during
request processing, potentially undoing or otherwise confusing modules
that examined or modified request headers earlier. Adds "MergeTrailers"
directive to restore legacy behavior.
Discovery 2014-07-19 Entry 2014-07-24 Modified 2014-09-03
apache22 gt 2.2.0 lt 2.2.29
apache22-event-mpm gt 2.2.0 lt 2.2.29
apache22-itk-mpm gt 2.2.0 lt 2.2.29
apache22-peruser-mpm gt 2.2.0 lt 2.2.29
apache22-worker-mpm gt 2.2.0 lt 2.2.29
CVE-2014-0118
CVE-2014-0231
CVE-2014-0226
CVE-2013-5704
|
f38187e7-2f6e-11e8-8f07-b499baebfeaf | apache -- multiple vulnerabilities
The Apache httpd reports:
Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig
enabled (CVE-2017-15710)
mod_session: CGI-like applications that intend to read from
mod_session's 'SessionEnv ON' could be fooled into reading
user-supplied data instead. (CVE-2018-1283)
mod_cache_socache: Fix request headers parsing to avoid a possible
crash with specially crafted input data. (CVE-2018-1303)
core: Possible crash with excessively long HTTP request headers.
Impractical to exploit with a production build and production
LogLevel. (CVE-2018-1301)
core: Configure the regular expression engine to match '$' to the
end of the input string only, excluding matching the end of any
embedded newline characters. Behavior can be changed with new
directive 'RegexDefaultOptions'. (CVE-2017-15715)
mod_auth_digest: Fix generation of nonce values to prevent replay
attacks across servers using a common Digest domain. This change
may cause problems if used with round robin load balancers.
(CVE-2018-1312)
mod_http2: Potential crash w/ mod_http2. (CVE-2018-1302)
Discovery 2018-03-23 Entry 2018-03-24 Modified 2018-03-27
apache24 < 2.4.30
apache22 < 2.2.34_5
https://www.apache.org/dist/httpd/CHANGES_2.4.33
CVE-2017-15710
CVE-2018-1283
CVE-2018-1303
CVE-2018-1301
CVE-2017-15715
CVE-2018-1312
CVE-2018-1302
|
91ecb546-b1e6-11e3-980f-20cf30e32f6d | apache -- several vulnerabilities
Apache HTTP SERVER PROJECT reports:
Clean up cookie logging with fewer redundant string parsing passes.
Log only cookies with a value assignment. Prevents segfaults when
logging truncated cookies.
mod_dav: Keep track of length of cdata properly when removing leading
spaces. Eliminates a potential denial of service from specifically
crafted DAV WRITE requests.
Discovery 2014-02-25 Entry 2014-03-22
apache24 gt 2.4.0 lt 2.4.9
apache22 gt 2.2.0 lt 2.2.27
apache22-event-mpm gt 2.2.0 lt 2.2.27
apache22-itk-mpm gt 2.2.0 lt 2.2.27
apache22-peruser-mpm gt 2.2.0 lt 2.2.27
apache22-worker-mpm gt 2.2.0 lt 2.2.27
CVE-2014-0098
CVE-2013-6438
|
0c2db2aa-5584-11e7-9a7d-b499baebfeaf | Apache httpd -- several vulnerabilities
The Apache httpd project reports:
- ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167):
Use of the ap_get_basic_auth_pw() by third-party modules outside
of the authentication phase may lead to authentication requirements
being bypassed.
- mod_ssl Null Pointer Dereference (CVE-2017-3169):
mod_ssl may dereference a NULL pointer when third-party modules
call ap_hook_process_connection() during an HTTP request to an HTTPS
port.
- mod_http2 Null Pointer Dereference (CVE-2017-7659):
A maliciously constructed HTTP/2 request could cause mod_http2 to
dereference a NULL pointer and crash the server process.
- ap_find_token() Buffer Overread (CVE-2017-7668):
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced
a bug in token list parsing, which allows ap_find_token() to search
past the end of its input string. By maliciously crafting a sequence
of request headers, an attacker may be able to cause a segmentation
fault, or to force ap_find_token() to return an incorrect value.
- mod_mime Buffer Overread (CVE-2017-7679):
mod_mime can read one byte past the end of a buffer when sending a
malicious Content-Type response header.
Discovery 2017-06-20 Entry 2017-06-20
apache22 < 2.2.33
apache24 < 2.4.26
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_22.html
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679
|
9c88d8a8-8372-11e2-a010-20cf30e32f6d | apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports:
low: XSS due to unescaped hostnames CVE-2012-3499
Various XSS flaws due to unescaped hostnames and URIs HTML output in
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
moderate: XSS in mod_proxy_balancer CVE-2012-4558
A XSS flaw affected the mod_proxy_balancer manager interface.
Discovery 2012-10-07 Entry 2013-03-02
apache22 gt 2.2.0 lt 2.2.24
apache22-event-mpm gt 2.2.0 lt 2.2.24
apache22-itk-mpm gt 2.2.0 lt 2.2.24
apache22-peruser-mpm gt 2.2.0 lt 2.2.24
apache22-worker-mpm gt 2.2.0 lt 2.2.24
CVE-2012-3499
CVE-2012-4558
|