CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1777
https://notcve.org/view.php?id=CVE-2015-1777
rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack. rhnreg_ks en Red Hat Network Client Tools (también conocido como rhn-client-tools) en Red Hat Gluster Storage 2.1 y Enterprise Linux (RHEL) 5, 6 y 7 no valida correctamente los nombres de host en los certificados X.509 de los servidores SSL. Esto puede permitir que atacantes remotos eviten el registro en el sistema mediante un ataque Man-in-the-Middle (MitM). • http://www.openwall.com/lists/oss-security/2015/03/04/7 http://www.securityfocus.com/bid/72943 https://bugzilla.redhat.com/show_bug.cgi?id=1198740 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 2%CPEs: 36EXPL: 0CVE-2017-15710 – httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values
https://notcve.org/view.php?id=CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. • http://www.openwall.com/lists/oss-security/2018/03/24/8 http://www.securityfocus.com/bid/103512 http://www.securitytracker.com/id/1040569 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.ht • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 1%CPEs: 18EXPL: 0CVE-2018-1301 – httpd: Out of bounds access after failure in reading the HTTP request
https://notcve.org/view.php?id=CVE-2018-1301
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. Una petición especialmente manipulada podría haber provocado el cierre inesperado del servidor Apache HTTP en versiones anteriores a la 2.4.30, debido a un acceso fuera de límites tras alcanzar un límite de tamaño mediante la lectura de una cabecera HTTP. Esta vulnerabilidad se considera crítica si no es imposible desencadenarla en un modo que no sea de depuración (tanto a nivel de log como de build), por lo que se clasifica como vulnerabilidad de riesgo bajo para un uso común del servidor. • http://www.openwall.com/lists/oss-security/2018/03/24/2 http://www.securityfocus.com/bid/103515 http://www.securitytracker.com/id/1040573 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 95%CPEs: 16EXPL: 1CVE-2017-15715 – httpd: <FilesMatch> bypass with a trailing newline in the file name
https://notcve.org/view.php?id=CVE-2017-15715
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. En las versiones 2.4.0 hasta la 2.4.29 de Apache httpd, la expresión especificada en podría unir "$" con un carácter nueva línea o newline en un nombre de archivo malicioso, en lugar de interpretarse, únicamente, como el final del nombre de archivo. Esto se podría explotar en entornos donde las subidas de algunos archivos están bloqueadas de manera externa, pero solo uniendo la porción final del nombre del archivo. • https://github.com/whisp1830/CVE-2017-15715 http://www.openwall.com/lists/oss-security/2018/03/24/6 http://www.securityfocus.com/bid/103525 http://www.securitytracker.com/id/1040570 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache& • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2018-1283 – httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications
https://notcve.org/view.php?id=CVE-2018-1283
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. En Apache httpd, versiones 2.4.0 hasta la 2.4.29, cuando se configura mod_session para que reenvíe sus datos de sesión a aplicaciones CGI (SessionEnv habilitado, no por defecto), un usuario remoto podría influir en su contenido empleando una cabecera "Session". Esto viene del nombre de variable "HTTP_SESSION", empleado por mod_session para reenviar sus datos a interfaces de entrada común (CGI), dado que el prefijo "HTTP_" también es utilizado por el servidor Apache HTTP para pasar sus campos de cabecera HTTP, por especificaciones CGI. It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. • http://www.openwall.com/lists/oss-security/2018/03/24/4 http://www.securityfocus.com/bid/103520 http://www.securitytracker.com/id/1040568 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.ht • CWE-20: Improper Input Validation •