-
Latest security vulnerabilities Apache Http Server
Sep 26, 2019 | 00:00 am
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the HTTP/2 session handling could be made to read memory after being freed, during connection shutdown. (CVSS:6.4) (Last Update:2019-09-27)
-
Sep 25, 2019 | 00:00 am
In Apache HTTP Server 2.4.0 to 2.4.39, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVSS:5.8) (Last Update:2019-10-09)
-
Aug 15, 2019 | 00:00 am
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not[…]
-
Jun 11, 2019 | 00:00 am
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the HTTP/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the[…]
-
Apr 8, 2019 | 00:00 am
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the[…]
-
Jan 30, 2019 | 00:00 am
In Apache HTTP Server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2[…]
-
Sep 25, 2018 | 00:00 am
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is[…]
-
Jul 26, 2018 | 00:00 am
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted[…]
-
Jul 18, 2018 | 00:00 am
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). (CVSS:5.0) (Last Update:2019-08-15)
-
Jun 18, 2018 | 00:00 am
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30, 2.4.33). (CVSS:5.0) (Last Update:2019-10-02)