AVG-857 log
Package | apache |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 2.4.37-1 |
Fixed | 2.4.38-1 |
Current | 2.4.62-1 [extra] |
Ticket | None |
Created | Wed Jan 23 13:51:16 2019 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2019-0190 | High | Yes | Denial of service | A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a... |
CVE-2018-17199 | Medium | Yes | Insufficient validation | In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time... |
CVE-2018-17189 | High | Yes | Denial of service | By sending request bodies in a slow loris way to plain resources, the h2 stream of Apache HTTP Server before 2.4.38 for that request unnecessarily occupied... |
Date | Advisory | Package | Type |
---|---|---|---|
24 Jan 2019 | ASA-201901-14 | apache | multiple issues |
References |
---|
https://httpd.apache.org/security/vulnerabilities_24.html#2.4.38 |