AVG-857

Package apache
Status Fixed
Severity High
Type multiple issues
Affected 2.4.37-1
Fixed 2.4.38-1
Current 2.4.38-1 [extra]
Ticket None
Created Wed Jan 23 13:51:16 2019
Issue Severity Remote Type Description
CVE-2019-0190 High Yes Denial of service
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a...
CVE-2018-17199 Medium Yes Insufficient validation
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time...
CVE-2018-17189 High Yes Denial of service
By sending request bodies in a slow loris way to plain resources, the h2 stream of Apache HTTP Server before 2.4.38 for that request unnecessarily occupied...
Date Advisory Package Description
24 Jan 2019 ASA-201901-14 apache multiple issues
References
https://httpd.apache.org/security/vulnerabilities_24.html#2.4.38