CVSS: 8.1EPSS: 95%CPEs: 16EXPL: 1CVE-2017-15715 – httpd: <FilesMatch> bypass with a trailing newline in the file name
https://notcve.org/view.php?id=CVE-2017-15715
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. En las versiones 2.4.0 hasta la 2.4.29 de Apache httpd, la expresión especificada en podría unir "$" con un carácter nueva línea o newline en un nombre de archivo malicioso, en lugar de interpretarse, únicamente, como el final del nombre de archivo. Esto se podría explotar en entornos donde las subidas de algunos archivos están bloqueadas de manera externa, pero solo uniendo la porción final del nombre del archivo. • https://github.com/whisp1830/CVE-2017-15715 http://www.openwall.com/lists/oss-security/2018/03/24/6 http://www.securityfocus.com/bid/103525 http://www.securitytracker.com/id/1040570 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache& • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2018-1283 – httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications
https://notcve.org/view.php?id=CVE-2018-1283
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. En Apache httpd, versiones 2.4.0 hasta la 2.4.29, cuando se configura mod_session para que reenvíe sus datos de sesión a aplicaciones CGI (SessionEnv habilitado, no por defecto), un usuario remoto podría influir en su contenido empleando una cabecera "Session". Esto viene del nombre de variable "HTTP_SESSION", empleado por mod_session para reenviar sus datos a interfaces de entrada común (CGI), dado que el prefijo "HTTP_" también es utilizado por el servidor Apache HTTP para pasar sus campos de cabecera HTTP, por especificaciones CGI. It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. • http://www.openwall.com/lists/oss-security/2018/03/24/4 http://www.securityfocus.com/bid/103520 http://www.securitytracker.com/id/1040568 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.ht • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000118
https://notcve.org/view.php?id=CVE-2017-1000118
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service Akka HTTP en su versión 10.0.5 y anteriores tiene una vulnerabilidad en Illegal Media Range en Accept Header que causa un error de desbordamiento de pila que desemboca en una denegación de servicio (DoS). • https://doc.akka.io/docs/akka-http/10.0.6/security/2017-05-03-illegal-media-range-in-accept-header-causes-stackoverflowerror.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 97%CPEs: 22EXPL: 6CVE-2017-9798 – Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak
https://notcve.org/view.php?id=CVE-2017-9798
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c. • https://www.exploit-db.com/exploits/42745 https://github.com/nitrado/CVE-2017-9798 https://github.com/l0n3rs/CVE-2017-9798 http://openwall.com/lists/oss-security/2017/09/18/2 http://www.debian.org/security/2017/dsa-3980 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/securi • CWE-416: Use After Free •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2017-9789
https://notcve.org/view.php?id=CVE-2017-9789
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. La falta de mecanismos suficientes para el cumplimiento de políticas en Omnibox en Google Chrome, en versiones anteriores a la 59.0.3071.115 para Mac, permitía que un atacante remoto realizase una suplantación de dominio mediante un nombre de dominio manipulado que contiene un carácter U+0620. Esto también se conoce como Apple rdar problem 32458012. • http://www.securityfocus.com/bid/99568 http://www.securitytracker.com/id/1038907 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/9d0098775bd83cf7c33ac5a077ef412c14ce939198921e639c734e20%40%3Cannounce.httpd.apache.org%3E https://lists.apache.org/thread.html/r15f9a • CWE-416: Use After Free •