apache

Description: A high performance Unix-based HTTP server
Version: 2.4.33-3 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-664 | 2.4.29-1 | 2.4.33-1 | Medium | Fixed | |
| AVG-404 | 2.4.27-1 | 2.4.27-2 | High | Fixed | |
| AVG-350 | 2.4.26-3 | 2.4.27-1 | Critical | Fixed | |
| AVG-316 | 2.4.25-3 | 2.4.26-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-1312 | AVG-664 | Low | Yes | Content spoofing | In Apache httpd 2.2.0 before 2.4.30, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly... |
| CVE-2018-1303 | AVG-664 | Low | Yes | Denial of service | A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out-of-bounds read while preparing data... |
| CVE-2018-1302 | AVG-664 | Low | Yes | Denial of service | When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an... |
| CVE-2018-1301 | AVG-664 | Low | Yes | Denial of service | A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out-of-bounds access after a size limit is reached... |
| CVE-2018-1283 | AVG-664 | Medium | Yes | Session hijacking | In Apache httpd 2.2.0 before 2.4.30, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a... |
| CVE-2017-9798 | AVG-404 | High | Yes | Information disclosure | A use-after-free vulnerability has been discovered in Apache HTTP 2.4.27 that causes a corrupted Allow header to be constructed in response to HTTP OPTIONS... |
| CVE-2017-9789 | AVG-350 | Critical | Yes | Arbitrary code execution | A security issue has been found in Apache's mod_http2 <= 2.4.26. When under stress, closing many connections, the HTTP/2 handling code would sometimes... |
| CVE-2017-9788 | AVG-350 | High | Yes | Information disclosure | A security issue has been found in Apache's mod_auth_digest <= 2.4.26, leading to information disclosure or denial of service. The value placeholder in... |
| CVE-2017-7679 | AVG-316 | Medium | Yes | Denial of service | An out-of-bounds read has been found in Apache httpd < 2.4.26, where mod_mime can read one byte past the end of a buffer when a malicious Content-Type... |
| CVE-2017-7668 | AVG-316 | High | Yes | Information disclosure | An out-of-bounds read has been found in Apache httpd < 2.4.26. The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list... |
| CVE-2017-7659 | AVG-316 | High | Yes | Denial of service | A NULL-pointer dereference leading to denial of service has been found in the mod_http2 component of Apache httpd < 2.4.26. A maliciously constructed HTTP/2... |
| CVE-2017-3169 | AVG-316 | Medium | Yes | Denial of service | A NULL-pointer dereference leading to denial of service has been found in the mod_ssl component of Apache httpd < 2.4.26. mod_ssl may dereference a NULL... |
| CVE-2017-3167 | AVG-316 | Medium | Yes | Authentication bypass | An authentication bypass flaw has been found in Apache httpd < 2.4.26, where the use of the ap_get_basic_auth_pw() function by third-party modules outside... |
| CVE-2017-15715 | AVG-664 | Low | Yes | Access restriction bypass | In Apache httpd 2.4.0 before 2.4.30, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than... |
| CVE-2017-15710 | AVG-664 | Low | Yes | Denial of service | In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 04 Apr 2018 | ASA-201804-4 | AVG-664 | Medium | multiple issues |
| 18 Sep 2017 | ASA-201709-15 | AVG-404 | High | information disclosure |
| 14 Jul 2017 | ASA-201707-15 | AVG-350 | Critical | multiple issues |
| 28 Jun 2017 | ASA-201706-34 | AVG-316 | High | multiple issues |