VuXML ID | Description |
e182c076-c189-11e8-a6d2-b499baebfeaf | Apache -- Denial of service vulnerability in HTTP/2
The Apache httpd project reports:
low: DoS for HTTP/2 connections by continuous SETTINGS
By sending continous SETTINGS frames of maximum size an ongoing
HTTP/2 connection could be kept busy and would never time out. This
can be abused for a DoS on the server. This only affect a server
that has enabled the h2 protocol.
Discovery 2018-09-25 Entry 2018-09-26 apache24
< 2.4.35
http://httpd.apache.org/security/vulnerabilities_24.html
CVE-2018-11763
|
457ce015-67fa-11e7-867f-b499baebfeaf | Apache httpd -- multiple vulnerabilities
The Apache httpd project reports:
important: Read after free in mod_http2 (CVE-2017-9789)
When under stress, closing many connections, the HTTP/2 handling
code would sometimes access memory after it has been freed,
resulting in potentially erratic behaviour.
important: Uninitialized memory reflection in mod_auth_digest
(CVE-2017-9788) The value placeholder in [Proxy-]Authorization
headers of type 'Digest' was not initialized or reset before or
between successive key=value assignments. by mod_auth_digest.
Providing an initial key with no '=' assignment could reflect
the stale value of uninitialized pool memory used by the prior
request, leading to leakage of potentially confidential
information, and a segfault.
Discovery 2017-07-11 Entry 2017-07-13 apache24
< 2.4.27
https://httpd.apache.org/security/vulnerabilities_24.html
CVE-2017-9789
CVE-2017-9788
|
a12494c1-2af4-11e5-86ff-14dae9d210b8 | apache24 -- multiple vulnerabilities
Jim Jagielski reports:
CVE-2015-3183 (cve.mitre.org)
core: Fix chunk header parsing defect.
Remove apr_brigade_flatten(), buffering and duplicated code from
the HTTP_IN filter, parse chunks in a single pass with zero copy.
Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
authorized characters.
CVE-2015-3185 (cve.mitre.org)
Replacement of ap_some_auth_required (unusable in Apache httpd 2.4)
with new ap_some_authn_required and ap_force_authn hook.
CVE-2015-0253 (cve.mitre.org)
core: Fix a crash with ErrorDocument 400 pointing to a local URL-path
with the INCLUDES filter active, introduced in 2.4.11. PR 57531.
CVE-2015-0228 (cve.mitre.org)
mod_lua: A maliciously crafted websockets PING after a script
calls r:wsupgrade() can cause a child process crash.
Discovery 2015-02-04 Entry 2015-07-15 apache24
< 2.4.16
https://mail-archives.apache.org/mod_mbox/www-announce/201507.mbox/%3CAA5C882C-A9C3-46B9-9320-5040A2152E83@apache.org%3E
CVE-2015-3183
CVE-2015-3185
CVE-2015-0253
CVE-2015-0228
|
76b085e2-9d33-11e7-9260-000c292ee6b8 | Apache -- HTTP OPTIONS method can leak server memory
The Fuzzing Project reports:
Apache httpd allows remote attackers to read secret data from
process memory if the Limit directive can be set in a user's
.htaccess file, or if httpd.conf has certain misconfigurations,
aka Optionsbleed. This affects the Apache HTTP Server through
2.2.34 and 2.4.x through 2.4.27. The attacker sends an
unauthenticated OPTIONS HTTP request when attempting to read
secret data. This is a use-after-free issue and thus secret data
is not always sent, and the specific data depends on many factors
including configuration. Exploitation with .htaccess can be
blocked with a patch to the ap_limit_section function in
server/core.c.
Discovery 2017-09-18 Entry 2017-09-19 apache24
< 2.4.27_1
apache22
< 2.2.34_1
https://nvd.nist.gov/vuln/detail/CVE-2017-9798
CVE-2017-9798
|
862d6ab3-c75e-11e6-9f98-20cf30e32f6d | Apache httpd -- several vulnerabilities
Apache Software Foundation reports:
Please reference CVE/URL list for details
Discovery 2016-12-20 Entry 2016-12-21 Modified 2016-12-22 apache24
< 2.4.25
http://httpd.apache.org/security/vulnerabilities_24.html
CVE-2016-8743
CVE-2016-2161
CVE-2016-0736
CVE-2016-8740
CVE-2016-5387
|
0c2db2aa-5584-11e7-9a7d-b499baebfeaf | Apache httpd -- several vulnerabilities
The Apache httpd project reports:
- ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167):
Use of the ap_get_basic_auth_pw() by third-party modules outside
of the authentication phase may lead to authentication requirements
being bypassed.
- mod_ssl Null Pointer Dereference (CVE-2017-3169):
mod_ssl may
dereference a NULL pointer when third-party modules
call ap_hook_process_connection() during an HTTP request to an HTTPS
port.
- mod_http2 Null Pointer Dereference (CVE-2017-7659):
A maliciously
constructed HTTP/2 request could cause mod_http2 to dereference a NULL
pointer and crash the server process.
- ap_find_token() Buffer Overread (CVE-2017-7668):
The HTTP strict
parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token
list parsing, which allows ap_find_token() to search past the end of its
input string. By maliciously crafting a sequence of request headers, an
attacker may be able to cause a segmentation fault, or to force
ap_find_token() to return an incorrect value.
- mod_mime Buffer Overread (CVE-2017-7679):
mod_mime can read one
byte past the end of a buffer when sending a malicious Content-Type
response header.
Discovery 2017-06-20 Entry 2017-06-20 apache22
< 2.2.33
apache24
< 2.4.26
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_22.html
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679
|
f38187e7-2f6e-11e8-8f07-b499baebfeaf | apache -- multiple vulnerabilities
The Apache httpd reports:
Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig
enabled (CVE-2017-15710)
mod_session: CGI-like applications that intend to read from
mod_session's 'SessionEnv ON' could be fooled into reading
user-supplied data instead. (CVE-2018-1283)
mod_cache_socache: Fix request headers parsing to avoid a possible
crash with specially crafted input data. (CVE-2018-1303)
core: Possible crash with excessively long HTTP request headers.
Impractical to exploit with a production build and production
LogLevel. (CVE-2018-1301)
core: Configure the regular expression engine to match '$' to the
end of the input string only, excluding matching the end of any
embedded newline characters. Behavior can be changed with new
directive 'RegexDefaultOptions'. (CVE-2017-15715)
mod_auth_digest: Fix generation of nonce values to prevent replay
attacks across servers using a common Digest domain. This change
may cause problems if used with round robin load balancers.
(CVE-2018-1312)
mod_http2: Potential crash w/ mod_http2. (CVE-2018-1302)
Discovery 2018-03-23 Entry 2018-03-24 Modified 2018-03-27 apache24
< 2.4.30
apache22
< 2.2.34_5
https://www.apache.org/dist/httpd/CHANGES_2.4.33
CVE-2017-15710
CVE-2018-1283
CVE-2018-1303
CVE-2018-1301
CVE-2017-15715
CVE-2018-1312
CVE-2018-1302
|
8b1a50ab-8a8e-11e8-add2-b499baebfeaf | Apache httpd -- multiple vulnerabilities
The Apache project reports:
- DoS for HTTP/2 connections by crafted requests
(CVE-2018-1333). By specially crafting HTTP/2 requests, workers
would be allocated 60 seconds longer than necessary, leading to
worker exhaustion and a denial of service. (low)
- mod_md, DoS via Coredumps on specially crafted requests
(CVE-2018-8011). By specially crafting HTTP requests, the mod_md
challenge handler would dereference a NULL pointer and cause the
child process to segfault. This could be used to DoS the server.
(moderate)
Discovery 2018-07-18 Entry 2018-07-18 apache24
< 2.4.34
http://httpd.apache.org/security/vulnerabilities_24.html
CVE-2018-1333
CVE-2018-8011
|
eb888ce5-1f19-11e9-be05-4c72b94353b5 | Apache -- vulnerability
The Apache httpd Project reports:
SECURITY: CVE-2018-17199
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused.
SECURITY: CVE-2019-0190
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later. PR 63052.
SECURITY: CVE-2018-17189
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data.
Discovery 2019-01-22 Entry 2019-01-23 apache24
< 2.4.38
http://www.apache.org/dist/httpd/CHANGES_2.4.38
http://httpd.apache.org/security/vulnerabilities_24.html
CVE-2018-17199
CVE-2018-17189
CVE-2019-0190
|
cf2105c6-551b-11e9-b95c-b499baebfeaf | Apache -- Multiple vulnerabilities
The Apache httpd Project reports:
Apache HTTP Server privilege escalation from modules' scripts
(CVE-2019-0211) (important)
mod_auth_digest access control bypass (CVE-2019-0217)
(important)
mod_ssl access control bypass (CVE-2019-0215) (important)
mod_http2, possible crash on late upgrade (CVE-2019-0197) (low)
mod_http2, read-after-free on a string compare (CVE-2019-0196)
(low)
Apache httpd URL normalization inconsistincy (CVE-2019-0220)
(low)
Discovery 2019-04-01 Entry 2019-04-02 apache24
< 2.4.39
https://www.apache.org/dist/httpd/CHANGES_2.4.39
https://httpd.apache.org/security/vulnerabilities_24.html
CVE-2019-0211
CVE-2019-0217
CVE-2019-0215
CVE-2019-0196
CVE-2019-0220
|
caf545f2-c0d9-11e9-9051-4c72b94353b5 | Apache -- Multiple vulnerabilities
SO-AND-SO reports:
SECURITY: CVE-2019-10081
mod_http2: HTTP/2 very early pushes, for example configured with "H2PushResource",
could lead to an overwrite of memory in the pushing request's pool,
leading to crashes. The memory copied is that of the configured push
link header values, not data supplied by the client.
SECURITY: CVE-2019-9517
mod_http2: a malicious client could perform a DoS attack by flooding
a connection with requests and basically never reading responses
on the TCP connection. Depending on h2 worker dimensioning, it was
possible to block those with relatively few connections.
SECURITY: CVE-2019-10098
rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
matches and substitutions with encoded line break characters.
SECURITY: CVE-2019-10092
Remove HTML-escaped URLs from canned error responses to prevent misleading
text/links being displayed via crafted links.
SECURITY: CVE-2019-10097
mod_remoteip: Fix stack buffer overflow and NULL pointer deference
when reading the PROXY protocol header.
CVE-2019-10082
mod_http2: Using fuzzed network input, the http/2 session
handling could be made to read memory after being freed,
during connection shutdown.
Discovery 2019-08-14 Entry 2019-08-17 apache24
< 2.4.41
http://www.apache.org/dist/httpd/CHANGES_2.4
CVE-2019-10081
CVE-2019-9517
CVE-2019-10098
CVE-2019-10092
CVE-2019-10082
|