The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Apache httpd Modules ~ not comprehensive

computer vulnerability alert CVE-2019-0217

Apache httpd mod_auth_digest: privilege escalation via Race Condition

Synthesis of the vulnerability

An attacker can bypass restrictions via a race condition in Apache httpd mod_auth_digest, in order to escalate their privileges.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, HP-UX, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 02/04/2019.
Identifiers: CERTFR-2019-AVI-141, CVE-2019-0217, DLA-1748-1, DSA-4422-1, FEDORA-2019-a4ed7400f4, HPESBUX03950, openSUSE-SU-2019:1190-1, openSUSE-SU-2019:1209-1, openSUSE-SU-2019:1258-1, RHSA-2019:2343-01, SUSE-SU-2019:0873-1, SUSE-SU-2019:0878-1, SUSE-SU-2019:0888-1, SUSE-SU-2019:0888-2, SUSE-SU-2019:0889-1, USN-3937-1, USN-3937-2, VIGILANCE-VUL-28916.


computer vulnerability CVE-2019-0215

Apache httpd mod_ssl: privilege escalation via Per-location Client Certificate

Synthesis of the vulnerability

An attacker can bypass restrictions via Per-location Client Certificate in Apache httpd mod_ssl, in order to escalate their privileges.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Fedora, Solaris.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: user account.
Creation date: 02/04/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-141, CVE-2019-0215, FEDORA-2019-a4ed7400f4, VIGILANCE-VUL-28915.


vulnerability announce CVE-2011-2767

Apache httpd mod_perl: code execution via htaccess

Synthesis of the vulnerability

An attacker can use a vulnerability via htaccess in Apache httpd mod_perl, in order to run code.
Impacted products: Apache httpd Modules ~ not comprehensive, Debian, Fedora, RHEL, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 10/09/2018.
Identifiers: 644169, CVE-2011-2767, DLA-1507-1, FEDORA-2018-a94668408d, RHSA-2018:2737-01, RHSA-2018:2825-01, RHSA-2018:2826-01, USN-3825-1, USN-3825-2, VIGILANCE-VUL-27182.


vulnerability announce CVE-2018-1283

Apache httpd: privilege escalation via mod_session CGI Applications

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_session CGI Applications in Apache httpd, in order to escalate their privileges.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1283, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25642.


vulnerability alert CVE-2017-15710

Apache httpd: denial of service via mod_authnz_ldap

Synthesis of the vulnerability

An attacker can generate a fatal error via mod_authnz_ldap in Apache httpd, in order to trigger a denial of service.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: CVE-2017-15710, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25641.


vulnerability CVE-2017-15715

Apache httpd: file reading via FilesMatch Newline

Synthesis of the vulnerability

A local attacker can read a file via FilesMatch Newline in Apache httpd, in order to obtain sensitive information.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: CVE-2017-15715, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25640.


computer vulnerability note CVE-2018-1312

Apache httpd: privilege escalation via mod_auth_digest

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_auth_digest in Apache httpd, in order to escalate their privileges.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: bulletinapr2018, CVE-2018-1312, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, RHSA-2019:1898-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25639.


computer vulnerability bulletin CVE-2018-1301

Apache httpd: out-of-bounds memory reading via Request Reading Failure

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Request Reading Failure in Apache httpd, in order to trigger a denial of service or to obtain sensitive information.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1301, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, K78131906, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, SYMSA1457, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25638.


computer vulnerability announce CVE-2018-1302

Apache httpd: use after free via HTTP/2 Stream Shutdown

Synthesis of the vulnerability

An attacker can force the use of a freed memory area via HTTP/2 Stream Shutdown in Apache httpd, in order to trigger a denial of service, and possibly to run code.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Fedora, openSUSE Leap, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1302, FEDORA-2018-0a95bff197, FEDORA-2018-63de5f3f6b, openSUSE-SU-2018:1198-1, USN-3783-1, VIGILANCE-VUL-25637.


computer vulnerability alert CVE-2018-1303

Apache httpd: out-of-bounds memory reading via mod_cache_socache

Synthesis of the vulnerability

An attacker can force a read at an invalid address via mod_cache_socache in Apache httpd, in order to trigger a denial of service or to obtain sensitive information.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Blue Coat CAS, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1303, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, SYMSA1457, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25636.
