-
Latest security vulnerabilities Apache Http Server
Aug 15, 2019 | 00:00 am
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Jun 11, 2019 | 00:00 am
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Apr 8, 2019 | 00:00 am
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Jan 30, 2019 | 00:00 am
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Sep 25, 2018 | 00:00 am
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Jul 26, 2018 | 00:00 am
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Jul 18, 2018 | 00:00 am
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). (CVSS:5.0) (Last Update:2019-08-15)
Read more...
-
Latest security vulnerabilities Apache Http Server
Jun 18, 2018 | 00:00 am
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). (CVSS:5.0) (Last Update:2019-08-15)
Read more...
-
Latest security vulnerabilities Apache Http Server
Mar 26, 2018 | 00:00 am
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Sep 18, 2017 | 00:00 am
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34[…]
Read more...
Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!