The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Apache httpd Modules ~ not comprehensive

vulnerability announce CVE-2011-2767

Apache httpd mod_perl: code execution via htaccess

Synthesis of the vulnerability

An attacker can use a vulnerability via htaccess of Apache httpd mod_perl, in order to run code.
Impacted products: Apache httpd Modules ~ not comprehensive, Debian, Fedora, RHEL, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 10/09/2018.
Identifiers: 644169, CVE-2011-2767, DLA-1507-1, FEDORA-2018-a94668408d, RHSA-2018:2737-01, RHSA-2018:2825-01, RHSA-2018:2826-01, USN-3825-1, USN-3825-2, VIGILANCE-VUL-27182.

Description of the vulnerability

An attacker can use a vulnerability via htaccess of Apache httpd mod_perl, in order to run code.

vulnerability announce CVE-2018-1283

Apache httpd: privilege escalation via mod_session CGI Applications

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_session CGI Applications of Apache httpd, in order to escalate his privileges.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1283, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25642.

Description of the vulnerability

An attacker can bypass restrictions via mod_session CGI Applications of Apache httpd, in order to escalate his privileges.

vulnerability alert CVE-2017-15710

Apache httpd: denial of service via mod_authnz_ldap

Synthesis of the vulnerability

An attacker can generate a fatal error via mod_authnz_ldap of Apache httpd, in order to trigger a denial of service.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: CVE-2017-15710, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25641.

Description of the vulnerability

An attacker can generate a fatal error via mod_authnz_ldap of Apache httpd, in order to trigger a denial of service.

vulnerability CVE-2017-15715

Apache httpd: file reading via FilesMatch Newline

Synthesis of the vulnerability

A local attacker can read a file via FilesMatch Newline of Apache httpd, in order to obtain sensitive information.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: CVE-2017-15715, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25640.

Description of the vulnerability

A local attacker can read a file via FilesMatch Newline of Apache httpd, in order to obtain sensitive information.

computer vulnerability note CVE-2018-1312

Apache httpd: privilege escalation via mod_auth_digest

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_auth_digest of Apache httpd, in order to escalate his privileges.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: bulletinapr2018, CVE-2018-1312, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25639.

Description of the vulnerability

An attacker can bypass restrictions via mod_auth_digest of Apache httpd, in order to escalate his privileges.

computer vulnerability bulletin CVE-2018-1301

Apache httpd: out-of-bounds memory reading via Request Reading Failure

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Request Reading Failure of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1301, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, K78131906, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, SYMSA1457, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25638.

Description of the vulnerability

An attacker can force a read at an invalid address via Request Reading Failure of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.

computer vulnerability announce CVE-2018-1302

Apache httpd: use after free via HTTP/2 Stream Shutdown

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via HTTP/2 Stream Shutdown of Apache httpd, in order to trigger a denial of service, and possibly to run code.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Fedora, openSUSE Leap, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1302, FEDORA-2018-0a95bff197, FEDORA-2018-63de5f3f6b, openSUSE-SU-2018:1198-1, USN-3783-1, VIGILANCE-VUL-25637.

Description of the vulnerability

An attacker can force the usage of a freed memory area via HTTP/2 Stream Shutdown of Apache httpd, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2018-1303

Apache httpd: out-of-bounds memory reading via mod_cache_socache

Synthesis of the vulnerability

An attacker can force a read at an invalid address via mod_cache_socache of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Blue Coat CAS, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1303, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, SYMSA1457, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25636.

Description of the vulnerability

An attacker can force a read at an invalid address via mod_cache_socache of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability announce CVE-2016-3110

Apache mod_cluster: denial of service via MCMP

Synthesis of the vulnerability

An attacker can send a malicious MCMP message to Apache mod_cluster, in order to trigger a denial of service.
Impacted products: Apache httpd Modules ~ not comprehensive, Fedora, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 23/08/2016.
Identifiers: 1326320, CVE-2016-3110, FEDORA-2016-249e92f700, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, VIGILANCE-VUL-20452.

Description of the vulnerability

The Apache mod_cluster module manages received MCMP messages.

However, when a malicious message is received, a fatal error occurs.

An attacker can therefore send a malicious MCMP message to Apache mod_cluster, in order to trigger a denial of service.

vulnerability bulletin CVE-2015-5244

Apache httpd mod_nss: privilege escalation via Disabled Ciphers

Synthesis of the vulnerability

An attacker can use an obsolete algorithm with Apache httpd mod_nss, in order to perform a Man-in-the-Middle.
Impacted products: Apache httpd Modules ~ not comprehensive, Fedora.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 11/01/2016.
Identifiers: 1259216, CVE-2015-5244, FEDORA-2015-c76c1c84cf, FEDORA-2016-6aa4dd4f3a, VIGILANCE-VUL-18673.

Description of the vulnerability

The mod_nss module can be installed on Apache httpd.

The NSSCipherSuite option specifies the cipher algorithms to use. For example:
  NSSCipherSuite !eNULL:!aNULL:AESGCM+aRSA:ECDH+aRSA

However, the negation (!) operator is ignored.

An attacker can therefore use an obsolete algorithm with Apache httpd mod_nss, in order to perform a Man-in-the-Middle.