Several security issues were fixed in the Apache HTTP Server ...
Debian Bug report logs -
#920302
apache2: CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies
Package:
src:apache2;
Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Wed, 23 Jan 2019 20:33:05 UTC
Severity: ...
Debian Bug report logs -
#920303
apache2: CVE-2018-17199: mod_session_cookie does not respect expiry time
Package:
src:apache2;
Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Wed, 23 Jan 2019 20:36:02 UTC
Severity: ...
Synopsis
Moderate: httpd security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis
Moderate: httpd24-httpd security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd24, httpd24-httpd, and httpd24-nghttp2 is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2437 zip releasefor RHEL 6, RHEL 7 and Microsoft Windows is availableRed Hat Product Security has rated this update as ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release on RHEL 6
Type/Severity
Security Advisory: Important
Topic
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2437 and fix several bugs, and add various enhancements are now available for R ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release on RHEL 7
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Several vulnerabilities have been found in the Apache HTTP server
CVE-2018-17189
Gal Goldshtein of F5 Networks discovered a denial of service
vulnerability in mod_http2 By sending malformed requests, the
http/2 stream for that request unnecessarily occupied a server
thread cleaning up incoming data, resulting in denial of service ...
In Apache HTTP server by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data This affects only HTTP/2 (mod_http2) connections (CVE-2018-17189)
A bug exists in the way mod_ssl handled client renegotiations A remote attacker could send ...
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem When the candidate has been publicized, the details for this candidate will be provided ...
In Apache HTTP Server 24 release 2437 and prior, mod_session checks the session expiry time before decoding the session This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded ...
Tenablesc leverages third-party software to help provide underlying functionality Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers
Out of caution and in line with good practice, Tenable opted to upgrade the bun ...