| CVE-2018-1312 |
Low |
Yes |
Content spoofing |
In Apache httpd 2.2.0 before 2.4.30, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly... |
| CVE-2018-1303 |
Low |
Yes |
Denial of service |
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data... |
| CVE-2018-1302 |
Low |
Yes |
Denial of service |
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an... |
| CVE-2018-1301 |
Low |
Yes |
Denial of service |
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached... |
| CVE-2018-1283 |
Medium |
Yes |
Session hijacking |
In Apache httpd 2.2.0 before 2.4.30, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a... |
| CVE-2017-15715 |
Low |
Yes |
Access restriction bypass |
In Apache httpd 2.4.0 before 2.4.30, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than... |
| CVE-2017-15710 |
Low |
Yes |
Denial of service |
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language... |