-
CVE-2019-0196
Latest security vulnerabilities Apache Http Server Jun 11, 2019 | 00:00 amA vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the[…]
Read more... -
CVE-2019-0197
Latest security vulnerabilities Apache Http Server Jun 11, 2019 | 00:00 amA vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the[…]
Read more... -
CVE-2019-0220
Latest security vulnerabilities Apache Http Server Jun 11, 2019 | 00:00 amA vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects[…]
Read more... -
CVE-2019-0211
Latest security vulnerabilities Apache Http Server Apr 8, 2019 | 00:00 amIn Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the[…]
Read more... -
CVE-2019-0215
Latest security vulnerabilities Apache Http Server Apr 8, 2019 | 00:00 amIn Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)
Read more... -
CVE-2019-0217
Latest security vulnerabilities Apache Http Server Apr 8, 2019 | 00:00 amIn Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)
Read more... -
CVE-2018-17189
Latest security vulnerabilities Apache Http Server Jan 30, 2019 | 00:00 amIn Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2[…]
Read more... -
CVE-2018-17199
Latest security vulnerabilities Apache Http Server Jan 30, 2019 | 00:00 amIn Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is[…]
Read more... -
CVE-2019-0190
Latest security vulnerabilities Apache Http Server Jan 30, 2019 | 00:00 amA bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with[…]
Read more... -
CVE-2018-11763
Latest security vulnerabilities Apache Http Server Sep 25, 2018 | 00:00 amIn Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is[…]
Read more...
Let's Encrypt ist eine gemeinnützige Zertifizierungsstelle. Mit Unterstützung von Mozilla, der Bürgerrechtsorganisation Electronic Frontier Foundation (EFF) und einigen Unternehmen wie z.B. Content-Delivery-Netzwerk-Anbieter Akamai und Cisco soll so jeder kostenlos ein TLS-Zertifikat erhalten können, um die Verbindungen zu eigenen Webseiten per HTTPS verschlüsseln zu können.