Download
| Alert*
|
oval:org.secpod.oval:def:1800939
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30 oval:org.secpod.oval:def:2102043 In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across ... oval:org.secpod.oval:def:114244 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:52034 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:1600879 Use-after-free on HTTP/2 stream shutdownWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger ... oval:org.secpod.oval:def:205549 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values * httpd: Out of bounds access afte ... oval:org.secpod.oval:def:1800945 CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions 2.4.1 to 2.4.29 Fixed in Apache 2.4.30 oval:org.secpod.oval:def:1800946 CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30 oval:org.secpod.oval:def:89002087 This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications , a remote user may influence their content by using a \quot;Session\quot; header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to ... oval:org.secpod.oval:def:53297 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an of bound write if supplied with a crafted Accept-Language header. This could potentially be used fo ... oval:org.secpod.oval:def:1504218 [2.4.6-93.0.1] - replace index.html with Oracles index page oracle_index.html [2.4.6-93] - Resolves: #1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time [2.4.6-92] - htpasswd: add SHA-2 crypt support [2.4.6-91] - Resolves: #1630886 - scriptlet can fail if hostname is no ... oval:org.secpod.oval:def:704065 apache2: Apache HTTP server Details: USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:89002117 This update for apache2 fixes the following issues: - security update: * CVE-2018-1301: Specially crafted requests, in debug mode, could lead to denial of service. [bsc#1086817] * CVE-2017-15710: failure in the language fallback handling could lead to denial of service. [bsc#1086776] * CVE-2018-1312 ... oval:org.secpod.oval:def:89002238 This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications , a remote user may influence their content by using a \quot;Session\quot; header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to ... oval:org.secpod.oval:def:51036 apache2: Apache HTTP server Details: USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Linux Mint 19.x LTS. Original advisory Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:704052 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:83779 The host is installed with Apache Http Server 2.4.0 to 2.4.29 and is prone to an out of bound write vulnerability. A flaw is present in the application, which fails to handle issues in mod_authnz_ldap. Successful exploitation could allow remote attackers to denial of service. oval:org.secpod.oval:def:1800950 CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30 oval:org.secpod.oval:def:503616 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values * httpd: Out of bounds access afte ... oval:org.secpod.oval:def:603350 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an of bound write if supplied with a crafted Accept-Language header. This could potentially be used fo ... oval:org.secpod.oval:def:505099 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd , httpd ... oval:org.secpod.oval:def:114362 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1000590 The remote host is missing a patch 152644-07 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000452 The remote host is missing a patch 152643-07 containing a security fix. For more information please visit the reference link. |
