CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 0CVE-2019-10082 – httpd: read-after-free in h2 connection shutdown
https://notcve.org/view.php?id=CVE-2019-10082
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. En Apache HTTP Server versiones 2.4.18 hasta 2.4.39, usando la entrada de red difusa, el manejo de la sesión http/2 podría ser hecha para leer la memoria después de ser liberada, durante el apagado de la conexión. A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash. • https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2751
https://notcve.org/view.php?id=CVE-2019-2751
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OHS Config MBeans). Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 7.8EPSS: 50%CPEs: 19EXPL: 1CVE-2018-20843 – expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
https://notcve.org/view.php?id=CVE-2018-20843
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). En libexpat en Expat anterior a versión 2.2.7, una entrada XML incluyendo nombres XML que contienen una gran cantidad de "dos puntos", podría hacer que el analizador XML consuma una gran cantidad de recursos de RAM y CPU durante el procesamiento (lo suficiente como para ser utilizables en ataques de denegación de servicio) . It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226 https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes https://github.com/libexpat/libexpat/issues/186 https://github.com/libexpat/libexpat/pull/262 https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html https://lists.fedoraproject.org/archives/ • CWE-400: Uncontrolled Resource Consumption CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.9EPSS: 0%CPEs: 26EXPL: 0CVE-2019-0197 – httpd: mod_http2: possible crash on late upgrade
https://notcve.org/view.php?id=CVE-2019-0197
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue. Una vulnerabilidad fue encontrada en Apache HTTP Server 2.4.34 hasta 2.4.38 y clasificada como problemática. Cuando se habilitó HTTP / 2 para un http: host o H2Upgrade se habilitó para h2 en un https: host, una solicitud de actualización de http / 1.1 a http / 2 que no fue la primera solicitud en una conexión podría provocar una mala configuración y un fallo. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html http://www.openwall.com/lists/oss-security/2019/04/02/2 http://www.securityfocus.com/bid/107665 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3935 https://httpd.apac • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-0217 – httpd: mod_auth_digest: access control bypass due to race condition
https://notcve.org/view.php?id=CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. En Apache HTTP Server 2.4 versión 2.4.38 y anteriores, una condición de carrera en mod_auth_digest cuando se ejecuta en un servidor multihilo podría permitir a un usuario con credenciales válidas autenticarse usando otro nombre de usuario, evitando las restricciones de control de acceso configuradas. A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html http://www.openwall.com/lists/oss-security/2019/04/02/5 http://www.securityfocus.com/bid/107668 https://access.redhat.com/errata/RHSA-2019:2343 https://access.redhat.com/errata/RHSA-2019:3436 https://access.redhat.com/errata/RHSA-2019:3932 https://access.red • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •