-
CVE-2018-11763
Latest security vulnerabilities Apache Http Server Sep 25, 2018 | 00:00 amIn Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is[…]
Read more... -
CVE-2018-8011
Latest security vulnerabilities Apache Http Server Jul 18, 2018 | 00:00 amBy specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). (CVSS:5.0) (Last Update:2018-09-27)
Read more... -
CVE-2018-1333
Latest security vulnerabilities Apache Http Server Jun 18, 2018 | 00:00 amBy specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). (CVSS:5.0) (Last Update:2018-11-13)
Read more... -
CVE-2017-15710
Latest security vulnerabilities Apache Http Server Mar 26, 2018 | 00:00 amIn Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not[…]
Read more... -
CVE-2017-15715
Latest security vulnerabilities Apache Http Server Mar 26, 2018 | 00:00 amIn Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some[…]
Read more... -
CVE-2018-1283
Latest security vulnerabilities Apache Http Server Mar 26, 2018 | 00:00 amIn Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION"[…]
Read more... -
CVE-2018-1301
Latest security vulnerabilities Apache Http Server Mar 26, 2018 | 00:00 amA specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if[…]
Read more... -
CVE-2018-1302
Latest security vulnerabilities Apache Http Server Mar 26, 2018 | 00:00 amWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard[…]
Read more... -
CVE-2018-1303
Latest security vulnerabilities Apache Http Server Mar 26, 2018 | 00:00 amA specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial[…]
Read more... -
CVE-2018-1312
Latest security vulnerabilities Apache Http Server Mar 26, 2018 | 00:00 amIn Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP[…]
Read more...
Let's Encrypt ist eine gemeinnützige Zertifizierungsstelle. Mit Unterstützung von Mozilla, der Bürgerrechtsorganisation Electronic Frontier Foundation (EFF) und einigen Unternehmen wie z.B. Content-Delivery-Netzwerk-Anbieter Akamai und Cisco soll so jeder kostenlos ein TLS-Zertifikat erhalten können, um die Verbindungen zu eigenen Webseiten per HTTPS verschlüsseln zu können.
