The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Apache HTTP Server

vulnerability CVE-2018-17199

Apache httpd: privilege escalation via mod_session_cookie Ignored Expiry Time

Synthesis of the vulnerability

An attacker can bypass restrictions via the ignored expiry time in mod_session_cookie of Apache httpd, in order to escalate their privileges.
Impacted products: Apache httpd, Debian, IBM i, Rational ClearCase, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 23/01/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-031, CVE-2018-17199, DLA-1647-1, DSA-4422-1, ibm10869064, ibm10872490, ibm10876972, openSUSE-SU-2019:0296-1, openSUSE-SU-2019:0305-1, SSA:2019-022-01, SUSE-SU-2019:0498-1, SUSE-SU-2019:0504-1, USN-3937-1, VIGILANCE-VUL-28330.


computer vulnerability note CVE-2018-17189

Apache httpd: denial of service via mod_http2

Synthesis of the vulnerability

An attacker can trigger a fatal error via mod_http2 of Apache httpd, in order to trigger a denial of service.
Impacted products: Apache httpd, Debian, IBM i, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 23/01/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-031, CVE-2018-17189, DSA-4422-1, ibm10872490, openSUSE-SU-2019:0296-1, openSUSE-SU-2019:0305-1, SSA:2019-022-01, SUSE-SU-2019:0498-1, SUSE-SU-2019:0504-1, USN-3937-1, VIGILANCE-VUL-28329.


vulnerability bulletin CVE-2016-4975

Apache httpd: information disclosure via HTTP Response Splitting

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via HTTP Response Splitting of Apache httpd, in order to obtain sensitive information.
Impacted products: Apache httpd, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 16/08/2018.
Identifiers: CVE-2016-4975, openSUSE-SU-2018:2856-1, SUSE-SU-2018:2554-1, SUSE-SU-2018:2815-1, VIGILANCE-VUL-27023.


vulnerability alert CVE-2018-8011

Apache httpd: NULL pointer dereference via mod_md

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via mod_md of Apache httpd, in order to trigger a denial of service.
Impacted products: Apache httpd, Fedora, IBM i, openSUSE Leap, Solaris, Slackware, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 18/07/2018.
Identifiers: bulletinjul2018, CVE-2018-8011, FEDORA-2018-49d3b42425, ibm10720141, openSUSE-SU-2018:2433-1, SSA:2018-199-01, SUSE-SU-2018:2424-1, VIGILANCE-VUL-26781.


vulnerability CVE-2018-1333

Apache httpd: denial of service via HTTP/2

Synthesis of the vulnerability

An attacker can generate a fatal error via HTTP/2 of Apache httpd, in order to trigger a denial of service.
Impacted products: Apache httpd, IBM i, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 18/07/2018.
Identifiers: CVE-2018-1333, ibm10720141, openSUSE-SU-2018:2397-1, openSUSE-SU-2018:2433-1, RHSA-2018:3558-01, SSA:2018-199-01, SUSE-SU-2018:2336-1, SUSE-SU-2018:2424-1, USN-3783-1, VIGILANCE-VUL-26780.


vulnerability announcement CVE-2018-1283

Apache httpd: privilege escalation via mod_session CGI Applications

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_session CGI Applications of Apache httpd, in order to escalate their privileges.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1283, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25642.


vulnerability alert CVE-2017-15710

Apache httpd: denial of service via mod_authnz_ldap

Synthesis of the vulnerability

An attacker can generate a fatal error via mod_authnz_ldap of Apache httpd, in order to trigger a denial of service.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: CVE-2017-15710, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25641.


vulnerability CVE-2017-15715

Apache httpd: file reading via FilesMatch Newline

Synthesis of the vulnerability

A local attacker can read a file via FilesMatch Newline of Apache httpd, in order to obtain sensitive information.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: CVE-2017-15715, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25640.


computer vulnerability note CVE-2018-1312

Apache httpd: privilege escalation via mod_auth_digest

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_auth_digest of Apache httpd, in order to escalate their privileges.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: bulletinapr2018, CVE-2018-1312, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25639.


computer vulnerability bulletin CVE-2018-1301

Apache httpd: out-of-bounds memory reading via Request Reading Failure

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Request Reading Failure of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1301, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, K78131906, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, SYMSA1457, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25638.
