CVE-2018-1301
- EPSS 15.56%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:34
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to tri...
CVE-2018-1302
- EPSS 13.44%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:34
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard t...
CVE-2018-1303
- EPSS 70.78%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:34
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of ...
CVE-2018-1312
- EPSS 15.89%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:36
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication con...
CVE-2016-8612
- EPSS 4.69%
- Veröffentlicht 09.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 02:59:40
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.
CVE-2017-9798
- EPSS 95%
- Veröffentlicht 18.09.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2...
CVE-2016-0736
- EPSS 49.02%
- Veröffentlicht 27.07.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated en...
CVE-2016-2161
- EPSS 20.95%
- Veröffentlicht 27.07.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
CVE-2016-8743
- EPSS 13.25%
- Veröffentlicht 27.07.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in...
CVE-2017-7659
- EPSS 53.94%
- Veröffentlicht 26.07.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.