CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2018-11763 – Apache2 mod_http2 header Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-11763
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. En Apache HTTP Server, de la versión 2.4.17 a la 2.4.34, mediante el envío continuo de tramas SETTINGS grandes, un cliente puede ocupar una conexión, hilo del servidor y tiempo de CPU sin que se active ningún agotamiento del tiempo de conexión. Esto solo afecta a las conexiones HTTP/2. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html http://www.securityfocus.com/bid/105414 http://www.securitytracker.com/id/1041713 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7f • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2760
https://notcve.org/view.php?id=CVE-2018-2760
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103826 http://www.securitytracker.com/id/1040699 •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2561
https://notcve.org/view.php?id=CVE-2018-2561
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102565 http://www.securitytracker.com/id/1040210 •
CVSS: 9.1EPSS: 46%CPEs: 34EXPL: 0CVE-2017-9788 – httpd: Uninitialized memory reflection in mod_auth_digest
https://notcve.org/view.php?id=CVE-2017-9788
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. En Apache httpd, en versiones anteriores a la 2.2.34 y en versiones 2.4.x anteriores a la 2.4.27, el valor placeholder en cabeceras [Proxy-]Authorization del tipo 'Digest' no se inicializó o reinició antes de o entre las asignaciones sucesivas key=value por mod_auth_digest. Proporcionar una clave inicial sin asignación "=" podría reflejar el valor obsoleto de la memoria agrupada no inicializada utilizada por la petición anterior. Esto podría dar lugar al filtrado de información potencialmente confidencial y, en otros casos, a un fallo de segmentación que daría como resultado una denegación de servicio (DoS) It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. • http://www.debian.org/security/2017/dsa-3913 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99569 http://www.securitytracker.com/id/1038906 https://access.redhat.com/errata/RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:2708 https://access.redhat.com/errata/RHSA-2017:2709 https://access.redhat.com/errata/RHS • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-456: Missing Initialization of a Variable •
CVSS: 7.5EPSS: 27%CPEs: 39EXPL: 0CVE-2017-7668 – httpd: ap_find_token() buffer overread
https://notcve.org/view.php?id=CVE-2017-7668
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. Los cambios en el análisis sintáctico estricto de HTTP añadidos en las versiones 2.2.32 y 2.4.24 de Apache httpd introdujeron un error en el análisis de listas de tokens. Esto permite que ap_find_token() busque más allá del final de la cadena de entrada. Un atacante puede conseguir causar un fallo de segmentación o forzar a que ap_find_token() devuelva un valor incorrecto mediante la manipulación de una secuencia de cabeceras de peticiones con fines maliciosos. • http://www.debian.org/security/2017/dsa-3896 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99137 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3194 https://lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b%40%3Cdev.httpd. • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •