Several security issues were fixed in the Apache HTTP Server ...
Debian Bug report logs -
#920302
apache2: CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies
Package:
src:apache2;
Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Wed, 23 Jan 2019 20:33:05 UTC
Severity: ...
Debian Bug report logs -
#920303
apache2: CVE-2018-17199: mod_session_cookie does not respect expiry time
Package:
src:apache2;
Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Wed, 23 Jan 2019 20:36:02 UTC
Severity: ...
Several vulnerabilities have been found in the Apache HTTP server
CVE-2018-17189
Gal Goldshtein of F5 Networks discovered a denial of service
vulnerability in mod_http2 By sending malformed requests, the
http/2 stream for that request unnecessarily occupied a server
thread cleaning up incoming data, resulting in denial of service ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP3 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2437 Service Pack 3 zip release for RHEL 6, RHEL 7 and Microsoft Windows is availableRed Hat Product Security has r ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP3 security update
Type/Severity
Security Advisory: Important
Topic
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2437 and fix several bugs, and add various enhancements are now available for Red Hat ...
Synopsis
Moderate: httpd:24 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabi ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2437 zip releasefor RHEL 6, RHEL 7 and Microsoft Windows is availableRed Hat Product Security has rated this update as ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release on RHEL 6
Type/Severity
Security Advisory: Important
Topic
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2437 and fix several bugs, and add various enhancements are now available for R ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release on RHEL 7
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common ...
In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard (CVE-2019-0211)
A vulnerability was found in ...
A vulnerability was found in Apache HTTP Server 24 Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly (CVE-2019-0196) ...
In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard (CVE-2019-0211)
mod_http2: read-after-free on ...
A use-after-free issue has been found in the http/2 request handling code of Apache HTTPd <= 2418 and >= 2438 Using crafted network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly ...