Download
| Alert*
oval:org.secpod.oval:def:1600980
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or l ... oval:org.secpod.oval:def:1504916 httpd [2.4.37-39.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-39] - prevent htcacheclean from while break when first file processed [2.4.37-38] - Resolves: #1918741 - Thousands of /tmp/modproxy.tmp.* files cre ... oval:org.secpod.oval:def:54093 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:506096 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_proxy_uwsgi buffer overflow * httpd: mod_http2 concurrent pool usage For more details about the security issue, ... oval:org.secpod.oval:def:54094 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:603841 Several vulnerabilities have been found in the Apache HTTP server. CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming dat ... oval:org.secpod.oval:def:54395 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:54095 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:55064 The host is installed with Apache HTTP Server 2.4.x through 2.4.37 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the mod_session expiry time check issue. Successful exploitation could allow attackers to ignore session expiry tim ... oval:org.secpod.oval:def:54396 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:1801294 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... oval:org.secpod.oval:def:1801296 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... oval:org.secpod.oval:def:1801297 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... oval:org.secpod.oval:def:504878 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_auth_di ... oval:org.secpod.oval:def:89050604 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time Non-security issue fixed: - sysconfig.d is not creat ... oval:org.secpod.oval:def:205549 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values * httpd: Out of bounds access afte ... oval:org.secpod.oval:def:1900079 In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. oval:org.secpod.oval:def:70629 Several vulnerabilities have been found in the Apache HTTP server. CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming dat ... oval:org.secpod.oval:def:2000360 In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. oval:org.secpod.oval:def:73612 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_proxy_uwsgi buffer overflow * httpd: mod_http2 concurrent pool usage For more details about the security issue, ... oval:org.secpod.oval:def:89003258 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time Non-security issue fixed: - sysconfig.d is not creat ... oval:org.secpod.oval:def:2104597 In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. oval:org.secpod.oval:def:4501348 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_proxy_uwsgi buffer overflow * httpd: mod_http2 concurrent pool usage For more details about the security issue, ... oval:org.secpod.oval:def:1801348 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... oval:org.secpod.oval:def:503616 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values * httpd: Out of bounds access afte ... oval:org.secpod.oval:def:2500486 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1504218 [2.4.6-93.0.1] - replace index.html with Oracles index page oracle_index.html [2.4.6-93] - Resolves: #1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time [2.4.6-92] - htpasswd: add SHA-2 crypt support [2.4.6-91] - Resolves: #1630886 - scriptlet can fail if hostname is no ... oval:org.secpod.oval:def:1000590 The remote host is missing a patch 152644-07 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000452 The remote host is missing a patch 152643-07 containing a security fix. For more information please visit the reference link. |