The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Apache httpd

computer vulnerability note CVE-2018-1283

Apache httpd: privilege escalation via mod_session CGI Applications

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_session CGI Applications of Apache httpd, in order to escalate their privileges.
Severity: 3/4.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1283, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25642.

security threat CVE-2017-15710

Apache httpd: denial of service via mod_authnz_ldap

Synthesis of the vulnerability

An attacker can generate a fatal error via mod_authnz_ldap of Apache httpd, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 26/03/2018.
Identifiers: CVE-2017-15710, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25641.

threat CVE-2017-15715

Apache httpd: file reading via FilesMatch Newline

Synthesis of the vulnerability

A local attacker can read a file via FilesMatch Newline of Apache httpd, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/03/2018.
Identifiers: CVE-2017-15715, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25640.

weakness alert CVE-2018-1312

Apache httpd: privilege escalation via mod_auth_digest

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_auth_digest of Apache httpd, in order to escalate their privileges.
Severity: 2/4.
Creation date: 26/03/2018.
Identifiers: bulletinapr2018, CVE-2018-1312, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, RHSA-2019:1898-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25639.

computer threat bulletin CVE-2018-1301

Apache httpd: out-of-bounds memory reading via Request Reading Failure

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Request Reading Failure of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1301, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, K78131906, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, SYMSA1457, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25638.

security announcement CVE-2018-1302

Apache httpd: use after free via HTTP/2 Stream Shutdown

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via HTTP/2 Stream Shutdown of Apache httpd, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1302, FEDORA-2018-0a95bff197, FEDORA-2018-63de5f3f6b, openSUSE-SU-2018:1198-1, USN-3783-1, VIGILANCE-VUL-25637.

computer threat note CVE-2018-1303

Apache httpd: out-of-bounds memory reading via mod_cache_socache

Synthesis of the vulnerability

An attacker can force a read at an invalid address via mod_cache_socache of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1303, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, SYMSA1457, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25636.

cybersecurity note CVE-2017-9798

Apache httpd: information disclosure via htaccess Limit Optionsbleed

Synthesis of the vulnerability

When Apache httpd hosts an .htaccess file that uses the Limit directive, an OPTIONS request can retrieve an extract of the service's memory.
Severity: 2/4.
Creation date: 19/09/2017.
Identifiers: 2009782, bulletinjan2018, CERTFR-2017-AVI-336, cpujan2018, cpujan2019, CVE-2017-9798, DLA-1102-1, DSA-2019-131, DSA-3980-1, FEDORA-2017-a52f252521, HT208331, HT208394, JSA10838, openSUSE-SU-2017:2549-1, openSUSE-SU-2018:1057-1, RHSA-2017:2882-01, RHSA-2017:2972-01, RHSA-2017:3018-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2017:3239-01, RHSA-2017:3240-01, SSA:2017-261-01, Synology-SA-17:56, USN-3425-1, USN-3425-2, VIGILANCE-VUL-23863.

computer weakness announcement CVE-2017-9789

Apache httpd: use after free via mod_http2

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via mod_http2 of Apache httpd, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 13/07/2017.
Identifiers: APPLE-SA-2017-09-25-1, CVE-2017-9789, HT208144, HT208221, openSUSE-SU-2018:0291-1, VIGILANCE-VUL-23250.

computer weakness CVE-2017-9788

Apache httpd: information disclosure via mod_auth_digest

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via mod_auth_digest of Apache httpd, in order to obtain sensitive information.
Severity: 3/4.
Creation date: 13/07/2017.
Identifiers: APPLE-SA-2017-09-25-1, bulletinjul2017, cpuoct2017, CVE-2017-9788, DLA-1028-1, DSA-3913-1, HT208144, HT208221, JSA10838, openSUSE-SU-2017:2016-1, RHSA-2017:2478-01, RHSA-2017:2479-01, RHSA-2017:2483-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2017:3193-01, RHSA-2017:3194-01, RHSA-2017:3195-01, RHSA-2017:3239-01, RHSA-2017:3240-01, SYMSA1457, USN-3370-1, USN-3370-2, VIGILANCE-VUL-23249.