AVG-664 log

Package apache
Status Fixed
Severity Medium
Type multiple issues
Affected 2.4.29-1
Fixed 2.4.33-1
Current 2.4.41-1 [extra]
Ticket None
Created Mon Mar 26 16:50:25 2018
Issue Severity Remote Type Description
CVE-2018-1312 Low Yes Content spoofing
In Apache httpd 2.2.0 before 2.4.30, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly...
CVE-2018-1303 Low Yes Denial of service
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data...
CVE-2018-1302 Low Yes Denial of service
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an...
CVE-2018-1301 Low Yes Denial of service
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached...
CVE-2018-1283 Medium Yes Session hijacking
In Apache httpd 2.2.0 before 2.4.30, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a...
CVE-2017-15715 Low Yes Access restriction bypass
In Apache httpd 2.4.0 before 2.4.30, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than...
CVE-2017-15710 Low Yes Denial of service
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language...
Date Advisory Package Description
04 Apr 2018 ASA-201804-4 apache multiple issues
References
https://httpd.apache.org/security/vulnerabilities_24.html