Page 17 of 93 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. El servidor HTTP Apache, en todas las distribuciones anteriores a la 2.2.32 y la 2.4.25 era liberal en el espacio en blanco aceptado de peticiones y enviado en lineas y cabeceras de respuesta. La aceptación de estos comportamientos diferentes representaba un problema a nivel de seguridad cuando httpd participa en cualquier cadena de proxies o interactúa con servidores de aplicaciones backend, ya sea mediante mod_proxy o utilizando mecanismos CGI convencionales y puede dar lugar al tráfico de peticiones, división de respuestas y contaminación de la caché. It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. • http://rhn.redhat.com/errata/RHSA-2017-1415.html http://www.debian.org/security/2017/dsa-3796 http://www.securityfocus.com/bid/95077 http://www.securitytracker.com/id/1037508 https://access.redhat.com/errata/RHSA-2017:0906 https://access.redhat.com/errata/RHSA-2017:1161 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 https://access.redhat.com/errata/RHSA-2017:1721 https://h20566.www2.hpe.com/hpsc/doc/public/display • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 3%CPEs: 17EXPL: 0

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. En Apache HTTP Server versiones 2.4.0 hasta 2.4.23, una entrada maliciosa a mod_auth_digest puede causar que el servidor se bloquee y cada instancia continúa bloqueado incluso para las peticiones válidas posteriormente. It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. • http://rhn.redhat.com/errata/RHSA-2017-1415.html http://www.debian.org/security/2017/dsa-3796 http://www.securityfocus.com/bid/95076 http://www.securitytracker.com/id/1037508 https://access.redhat.com/errata/RHSA-2017:0906 https://access.redhat.com/errata/RHSA-2017:1161 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us https:& • CWE-20: Improper Input Validation CWE-823: Use of Out-of-range Pointer Offset •

CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 1

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC. En Apache HTTP Server versiones 2.4.0 hasta 2.4.23, mod_session_crypto fue cifraba su cookie y datos utilizando los cifrados configurados posiblemente con los modos de operación CBC o ECB (AES256-CBC por defecto), por lo tanto, no se puede seleccionar ni crear cifrado autenticado integrado. Esto lo hizo vulnerable a los ataques de tipo oráculo de relleno (padding oracle), particularmente con CBC. It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. • https://www.exploit-db.com/exploits/40961 http://rhn.redhat.com/errata/RHSA-2017-1415.html http://www.debian.org/security/2017/dsa-3796 http://www.securityfocus.com/bid/95078 http://www.securitytracker.com/id/1037508 https://access.redhat.com/errata/RHSA-2017:0906 https://access.redhat.com/errata/RHSA-2017:1161 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocal • CWE-287: Improper Authentication CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 2

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. El módulo mod_http2 en el Apache HTTP Server 2.4.17 hasta la versión 2.4.23, cuando la configuración Protocols incluye h2 o h2c, no restringe la longitud de la cabecera de petición, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) a través de marcos CONTINUATION manipulados en una petición HTTP/2. A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. • https://www.exploit-db.com/exploits/40909 http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html http://rhn.redhat.com/errata/RHSA-2017-1415.html http://www.securityfocus.com/bid/94650 http://www.securitytracker.com/id/1037388 https://access.redhat.com/errata/RHSA-2017:1161 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.1EPSS: 17%CPEs: 52EXPL: 0

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. El Apache HTTP Server hasta la versión 2.4.23 sigue a RFC 3875 sección 4.1.18 y por lo tanto no protege aplicaciones de la presencia de datos de clientes no confiables en ambiente variable de HTTP_PROXY, lo que puede permitir a atacantes remotos redireccionar el tráfico HTTP saliente de aplicación a un servidor proxy arbitrario a través de una cabecera Proxy manipulada en una petición HTTP, también conocido como problema "httpoxy". NOTA: el vendedor afirma "Se ha asignado a esta mitigación el identificador CVE-2016-5387"; en otras palabras, esto no es un CVE ID para una vulnerabilidad. It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html http://rhn.redhat.com/errata/RHSA-2016-1624.html http://rhn.redhat.com/errata/RHSA-2016-1625.html http://rhn.redhat.com/errata/RHSA-2016-1648.html http://rhn.redhat.com/errata/RHSA-2016-1649.html http://rhn.redhat.com/errata/RHSA-2016-1650.html http://www.debian.org/security/2016/dsa-3623 http://www.kb.cert.org/vuls/id/797896 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-20: Improper Input Validation •