CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2018-1283 – httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications
https://notcve.org/view.php?id=CVE-2018-1283
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. En Apache httpd, versiones 2.4.0 hasta la 2.4.29, cuando se configura mod_session para que reenvíe sus datos de sesión a aplicaciones CGI (SessionEnv habilitado, no por defecto), un usuario remoto podría influir en su contenido empleando una cabecera "Session". Esto viene del nombre de variable "HTTP_SESSION", empleado por mod_session para reenviar sus datos a interfaces de entrada común (CGI), dado que el prefijo "HTTP_" también es utilizado por el servidor Apache HTTP para pasar sus campos de cabecera HTTP, por especificaciones CGI. It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. • http://www.openwall.com/lists/oss-security/2018/03/24/4 http://www.securityfocus.com/bid/103520 http://www.securitytracker.com/id/1040568 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.ht • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3250
https://notcve.org/view.php?id=CVE-2014-3250
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. El archivo de configuración vhost por defecto en Puppet en versiones anteriores a la 3.6.2 no incluye la directiva SSLCARevocationCheck. Esto podría permitir que atacantes remotos obtengan información sensible mediante un certificado revocado cuando un Puppet master se ejecuta con Apache 2.4. • https://bugzilla.redhat.com/show_bug.cgi?id=1101347 https://puppet.com/security/cve/CVE-2014-3250 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000118
https://notcve.org/view.php?id=CVE-2017-1000118
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service Akka HTTP en su versión 10.0.5 y anteriores tiene una vulnerabilidad en Illegal Media Range en Accept Header que causa un error de desbordamiento de pila que desemboca en una denegación de servicio (DoS). • https://doc.akka.io/docs/akka-http/10.0.6/security/2017-05-03-illegal-media-range-in-accept-header-causes-stackoverflowerror.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 97%CPEs: 22EXPL: 6CVE-2017-9798 – Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak
https://notcve.org/view.php?id=CVE-2017-9798
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c. • https://www.exploit-db.com/exploits/42745 https://github.com/nitrado/CVE-2017-9798 https://github.com/l0n3rs/CVE-2017-9798 http://openwall.com/lists/oss-security/2017/09/18/2 http://www.debian.org/security/2017/dsa-3980 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/securi • CWE-416: Use After Free •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2017-9789
https://notcve.org/view.php?id=CVE-2017-9789
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. La falta de mecanismos suficientes para el cumplimiento de políticas en Omnibox en Google Chrome, en versiones anteriores a la 59.0.3071.115 para Mac, permitía que un atacante remoto realizase una suplantación de dominio mediante un nombre de dominio manipulado que contiene un carácter U+0620. Esto también se conoce como Apple rdar problem 32458012. • http://www.securityfocus.com/bid/99568 http://www.securitytracker.com/id/1038907 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/9d0098775bd83cf7c33ac5a077ef412c14ce939198921e639c734e20%40%3Cannounce.httpd.apache.org%3E https://lists.apache.org/thread.html/r15f9a • CWE-416: Use After Free •