Download
| Alert*
oval:org.secpod.oval:def:83788
The host is installed with Apache Http Server 2.4.33 and is prone to a null pointer vulnerability. A flaw is present in the application, which fails to handle crafting http requests. Successful exploitation could lead to denial of service. oval:org.secpod.oval:def:2102711 By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). oval:org.secpod.oval:def:1600919 By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 . oval:org.secpod.oval:def:1801112 DoS for HTTP/2 connections by crafted requests By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed In Version: Apache HTTP Server 2.4.34 oval:org.secpod.oval:def:1801113 DoS for HTTP/2 connections by crafted requests By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed In Version: Apache HTTP Server 2.4.34 oval:org.secpod.oval:def:1801114 DoS for HTTP/2 connections by crafted requests By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed In Version: Apache HTTP Server 2.4.34 oval:org.secpod.oval:def:1801115 DoS for HTTP/2 connections by crafted requests By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed In Version: Apache HTTP Server 2.4.34 oval:org.secpod.oval:def:114855 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:114840 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1700073 By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 oval:org.secpod.oval:def:89049742 This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have lead to a denial of service via specially crafted HTTP/2 requests . - CVE-2018-8011: Fixed a null pointer dereference in mod_md, which cou ... |