-
CVE-2019-0211
Latest security vulnerabilities Apache Http Server Apr 8, 2019 | 00:00 amIn Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the[…]
Read more... -
CVE-2019-0215
Latest security vulnerabilities Apache Http Server Apr 8, 2019 | 00:00 amIn Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)
Read more... -
CVE-2019-0217
Latest security vulnerabilities Apache Http Server Apr 8, 2019 | 00:00 amIn Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)
Read more... -
CVE-2018-17189
Latest security vulnerabilities Apache Http Server Jan 30, 2019 | 00:00 amIn Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2[…]
Read more... -
CVE-2018-17199
Latest security vulnerabilities Apache Http Server Jan 30, 2019 | 00:00 amIn Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is[…]
Read more... -
CVE-2019-0190
Latest security vulnerabilities Apache Http Server Jan 30, 2019 | 00:00 amA bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with[…]
Read more... -
CVE-2018-11763
Latest security vulnerabilities Apache Http Server Sep 25, 2018 | 00:00 amIn Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is[…]
Read more... -
CVE-2018-8011
Latest security vulnerabilities Apache Http Server Jul 18, 2018 | 00:00 amBy specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). (CVSS:5.0) (Last Update:2018-09-27)
Read more... -
CVE-2018-1333
Latest security vulnerabilities Apache Http Server Jun 18, 2018 | 00:00 amBy specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). (CVSS:5.0) (Last Update:2019-05-07)
Read more... -
CVE-2018-1312
Latest security vulnerabilities Apache Http Server Mar 26, 2018 | 00:00 amIn Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP[…]
Read more...
Let's Encrypt ist eine gemeinnützige Zertifizierungsstelle. Mit Unterstützung von Mozilla, der Bürgerrechtsorganisation Electronic Frontier Foundation (EFF) und einigen Unternehmen wie z.B. Content-Delivery-Netzwerk-Anbieter Akamai und Cisco soll so jeder kostenlos ein TLS-Zertifikat erhalten können, um die Verbindungen zu eigenen Webseiten per HTTPS verschlüsseln zu können.
