Download
| Alert*
oval:org.secpod.oval:def:114319
The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:1800939 CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30 oval:org.secpod.oval:def:89002087 This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications , a remote user may influence their content by using a \quot;Session\quot; header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to ... oval:org.secpod.oval:def:114242 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:2102043 In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across ... oval:org.secpod.oval:def:89002238 This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications , a remote user may influence their content by using a \quot;Session\quot; header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to ... oval:org.secpod.oval:def:1600879 Use-after-free on HTTP/2 stream shutdownWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger ... oval:org.secpod.oval:def:50601 When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter an ... oval:org.secpod.oval:def:1800950 CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30 oval:org.secpod.oval:def:1800945 CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions 2.4.1 to 2.4.29 Fixed in Apache 2.4.30 oval:org.secpod.oval:def:1800946 CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30 oval:org.secpod.oval:def:83784 The host is installed with Apache Http Server before 2.4.29 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle HTTP/2 stream shutdown. Successful exploitation could allow remote attackers to cause denial of service. oval:org.secpod.oval:def:115253 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:51138 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:704336 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:1000590 The remote host is missing a patch 152644-07 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000452 The remote host is missing a patch 152643-07 containing a security fix. For more information please visit the reference link. |