-
Latest security vulnerabilities Apache Http Server
Apr 8, 2019 | 00:00 am
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Jan 30, 2019 | 00:00 am
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Sep 25, 2018 | 00:00 am
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Jul 26, 2018 | 00:00 am
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Jul 18, 2018 | 00:00 am
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). (CVSS:5.0) (Last Update:2018-09-27)
Read more...
-
Latest security vulnerabilities Apache Http Server
Jun 18, 2018 | 00:00 am
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). (CVSS:5.0) (Last Update:2019-05-07)
Read more...
-
Latest security vulnerabilities Apache Http Server
Mar 26, 2018 | 00:00 am
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Mar 9, 2018 | 00:00 am
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. (CVSS:3.3) (Last Update:2019-05-10)
Read more...
-
Latest security vulnerabilities Apache Http Server
Sep 18, 2017 | 00:00 am
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Jul 27, 2017 | 00:00 am
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain[…]
Read more...
Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!