apache

Description: A high performance Unix-based HTTP server
Version: 2.4.29-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-404 | 2.4.27-1 | 2.4.27-2 | High | Fixed | |
| AVG-350 | 2.4.26-3 | 2.4.27-1 | Critical | Fixed | |
| AVG-316 | 2.4.25-3 | 2.4.26-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-9798 | AVG-404 | High | Yes | Information disclosure | A use-after-free vulnerability has been discovered in Apache HTTP 2.4.27 that causes a corrupted Allow header to be constructed in response to HTTP OPTIONS... |
| CVE-2017-9789 | AVG-350 | Critical | Yes | Arbitrary code execution | A security issue has been found in apache's mod_http2 <= 2.4.26. When under stress, closing many connections, the HTTP/2 handling code would sometimes... |
| CVE-2017-9788 | AVG-350 | High | Yes | Information disclosure | A security issue has been found in apache's mod_auth_digest <= 2.4.26, leading to information disclosure or denial of service. The value placeholder in... |
| CVE-2017-7679 | AVG-316 | Medium | Yes | Denial of service | An out-of-bounds read has been found in Apache httpd < 2.4.26, where mod_mime can read one byte past the end of a buffer when a malicious Content-Type... |
| CVE-2017-7668 | AVG-316 | High | Yes | Information disclosure | An out-of-bounds read has been found in Apache httpd < 2.4.26. The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list... |
| CVE-2017-7659 | AVG-316 | High | Yes | Denial of service | A NULL-pointer dereference leading to denial of service has been found in the mod_http2 component of Apache httpd < 2.4.26. A maliciously constructed HTTP/2... |
| CVE-2017-3169 | AVG-316 | Medium | Yes | Denial of service | A NULL-pointer dereference leading to denial of service has been found in the mod_ssl component of Apache httpd < 2.4.26. mod_ssl may dereference a NULL... |
| CVE-2017-3167 | AVG-316 | Medium | Yes | Authentication bypass | An authentication bypass flaw has been found in Apache httpd < 2.4.26, where the use of the ap_get_basic_auth_pw() function by third-party modules outside... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 18 Sep 2017 | ASA-201709-15 | AVG-404 | High | information disclosure |
| 14 Jul 2017 | ASA-201707-15 | AVG-350 | Critical | multiple issues |
| 28 Jun 2017 | ASA-201706-34 | AVG-316 | High | multiple issues |