AVG-857 log
| Package | apache |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 2.4.37-1 |
| Fixed | 2.4.38-1 |
| Current | 2.4.65-4 [extra] |
| Ticket | None |
| Created | Wed Jan 23 13:51:16 2019 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-0190 | High | Yes | Denial of service | A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a... |
| CVE-2018-17199 | Medium | Yes | Insufficient validation | In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time... |
| CVE-2018-17189 | High | Yes | Denial of service | By sending request bodies in a slow loris way to plain resources, the h2 stream of Apache HTTP Server before 2.4.38 for that request unnecessarily occupied... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 24 Jan 2019 | ASA-201901-14 | apache | multiple issues |
| References |
|---|
https://httpd.apache.org/security/vulnerabilities_24.html#2.4.38 |