The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Apache HTTP Server

computer threat announcement CVE-2019-0217

Apache httpd mod_auth_digest: privilege escalation via Race Condition

Synthesis of the vulnerability

An attacker can exploit a race condition in mod_auth_digest of Apache httpd to bypass restrictions, in order to escalate privileges.
Severity: 2/4.
Creation date: 02/04/2019.
Identifiers: CERTFR-2019-AVI-141, CVE-2019-0217, DLA-1748-1, DSA-4422-1, FEDORA-2019-a4ed7400f4, HPESBUX03950, openSUSE-SU-2019:1190-1, openSUSE-SU-2019:1209-1, openSUSE-SU-2019:1258-1, RHSA-2019:2343-01, RHSA-2019:3436-01, SUSE-SU-2019:0873-1, SUSE-SU-2019:0878-1, SUSE-SU-2019:0888-1, SUSE-SU-2019:0888-2, SUSE-SU-2019:0889-1, USN-3937-1, USN-3937-2, VIGILANCE-VUL-28916.

vulnerability bulletin CVE-2019-0215

Apache httpd mod_ssl: privilege escalation via Per-location Client Certificate

Synthesis of the vulnerability

An attacker can bypass restrictions via a per-location client certificate in Apache httpd mod_ssl, in order to escalate privileges.
Severity: 2/4.
Creation date: 02/04/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-141, CVE-2019-0215, FEDORA-2019-a4ed7400f4, VIGILANCE-VUL-28915.

security bulletin CVE-2019-0190

Apache httpd: infinite loop via mod_ssl OpenSSL 1.1.1 Client Renegotiations

Synthesis of the vulnerability

An attacker can trigger an infinite loop via client renegotiations in Apache httpd mod_ssl with OpenSSL 1.1.1, in order to cause a denial of service.
Severity: 3/4.
Creation date: 23/01/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-031, CVE-2019-0190, ibm10872490, SSA:2019-022-01, VIGILANCE-VUL-28331.

computer vulnerability alert CVE-2018-17199

Apache httpd: privilege escalation via mod_session_cookie Ignored Expiry Time

Synthesis of the vulnerability

An attacker can bypass restrictions via an ignored expiry time in mod_session_cookie of Apache httpd, in order to escalate privileges.
Severity: 2/4.
Creation date: 23/01/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-031, CVE-2018-17199, DLA-1647-1, DSA-4422-1, HPESBUX03950, ibm10869064, ibm10872490, ibm10876972, openSUSE-SU-2019:0296-1, openSUSE-SU-2019:0305-1, SSA:2019-022-01, SUSE-SU-2019:0498-1, SUSE-SU-2019:0504-1, USN-3937-1, VIGILANCE-VUL-28330.

computer vulnerability announcement CVE-2018-17189

Apache httpd: denial of service via mod_http2

Synthesis of the vulnerability

An attacker can trigger a fatal error via mod_http2 of Apache httpd, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 23/01/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-031, CVE-2018-17189, DSA-4422-1, HPESBUX03950, ibm10872490, openSUSE-SU-2019:0296-1, openSUSE-SU-2019:0305-1, SSA:2019-022-01, SUSE-SU-2019:0498-1, SUSE-SU-2019:0504-1, USN-3937-1, VIGILANCE-VUL-28329.

computer weakness note CVE-2018-11763

Apache httpd: denial of service via HTTP/2 SETTINGS

Synthesis of the vulnerability

An attacker can generate a fatal error via HTTP/2 SETTINGS of Apache httpd, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 25/09/2018.
Identifiers: bulletinjan2019, CERTFR-2018-AVI-490, CVE-2018-11763, ibm10735045, openSUSE-SU-2018:3185-1, openSUSE-SU-2018:3713-1, openSUSE-SU-2019:0084-1, openSUSE-SU-2019:1547-1, openSUSE-SU-2019:1814-1, RHSA-2018:3558-01, SUSE-SU-2018:3101-1, SUSE-SU-2018:3572-1, SUSE-SU-2018:3582-1, SUSE-SU-2018:3582-2, USN-3783-1, VIGILANCE-VUL-27316, ZDI-18-1369.

vulnerability bulletin CVE-2016-4975

Apache httpd: information disclosure via HTTP Response Splitting

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via HTTP Response Splitting of Apache httpd, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 16/08/2018.
Identifiers: CVE-2016-4975, openSUSE-SU-2018:2856-1, SUSE-SU-2018:2554-1, SUSE-SU-2018:2815-1, VIGILANCE-VUL-27023.

security announcement CVE-2018-8011

Apache httpd: NULL pointer dereference via mod_md

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via mod_md of Apache httpd, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 18/07/2018.
Identifiers: bulletinjul2018, CVE-2018-8011, FEDORA-2018-49d3b42425, ibm10720141, openSUSE-SU-2018:2433-1, SSA:2018-199-01, SUSE-SU-2018:2424-1, VIGILANCE-VUL-26781.

computer threat note CVE-2018-1333

Apache httpd: denial of service via HTTP/2

Synthesis of the vulnerability

An attacker can generate a fatal error via HTTP/2 of Apache httpd, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 18/07/2018.
Identifiers: CVE-2018-1333, ibm10720141, openSUSE-SU-2018:2397-1, openSUSE-SU-2018:2433-1, RHSA-2018:3558-01, SSA:2018-199-01, SUSE-SU-2018:2336-1, SUSE-SU-2018:2424-1, USN-3783-1, VIGILANCE-VUL-26780.

computer vulnerability note CVE-2018-1283

Apache httpd: privilege escalation via mod_session CGI Applications

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_session with CGI applications in Apache httpd, in order to escalate privileges.
Severity: 3/4.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1283, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25642.