CVE-2016-4975 – mod_userdir CRLF injection
https://notcve.org/view.php?id=CVE-2016-4975
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). Posible inyección CRLF que permite ataques de separación de respuesta HTTP para los sitios que emplean mod_userdir. • http://www.securityfocus.com/bid/105093 https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975 https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E https • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVE-2018-1303 – httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS
https://notcve.org/view.php?id=CVE-2018-1303
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability. Una cabecera HTTP especialmente manipulada podría haber provocado el cierre inesperado del servidor Apache HTTP en versiones anteriores a la 2.4.30, debido a una lectura fuera de límites mientras se preparan los datos que se van a almacenar en la memoria caché compartida. Esto se podría utilizar como ataque de denegación de servicio (DoS) contra usuarios de mod_cache_socache. • http://www.openwall.com/lists/oss-security/2018/03/24/3 http://www.securityfocus.com/bid/103522 http://www.securitytracker.com/id/1040572 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.ht • CWE-125: Out-of-bounds Read •
CVE-2018-1302 – httpd: Use-after-free on HTTP/2 stream shutdown
https://notcve.org/view.php?id=CVE-2018-1302
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. Cuando un flujo de datos o stream HTTP/2 se destruye después de haber sido manipulado, el servidor Apache HTTP en versiones anteriores a la 2.4.30 podría escribir un puntero NULL en una memoria ya liberada. Los bloques de memoria mantenidos por el servidor hacen que sea difícil que esta vulnerabilidad tenga lugar en configuraciones normales, el informador y el equipo no podían reproducirla fuera de builds de depuración, por lo que se clasifica como de riesgo bajo. • http://www.openwall.com/lists/oss-security/2018/03/24/5 http://www.securityfocus.com/bid/103528 http://www.securitytracker.com/id/1040567 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVE-2018-1301 – httpd: Out of bounds access after failure in reading the HTTP request
https://notcve.org/view.php?id=CVE-2018-1301
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. Una petición especialmente manipulada podría haber provocado el cierre inesperado del servidor Apache HTTP en versiones anteriores a la 2.4.30, debido a un acceso fuera de límites tras alcanzar un límite de tamaño mediante la lectura de una cabecera HTTP. Esta vulnerabilidad se considera crítica si no es imposible desencadenarla en un modo que no sea de depuración (tanto a nivel de log como de build), por lo que se clasifica como vulnerabilidad de riesgo bajo para un uso común del servidor. • http://www.openwall.com/lists/oss-security/2018/03/24/2 http://www.securityfocus.com/bid/103515 http://www.securitytracker.com/id/1040573 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2017-12171 – httpd: # character matches all IPs
https://notcve.org/view.php?id=CVE-2017-12171
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. Se ha detectado una regresión en la versión 6.9 de Red Hat Enterprise Linux de httpd 2.2.15-60, provocando que los comentarios en las líneas de configuración "Allow" y "Deny" se analicen incorrectamente. Un administrador web podría permitir de manera involuntaria que cualquier cliente acceda a un recurso HTTP restringido. A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. • http://www.securityfocus.com/bid/101516 http://www.securitytracker.com/id/1039633 https://access.redhat.com/errata/RHSA-2017:2972 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171 https://access.redhat.com/security/cve/CVE-2017-12171 https://bugzilla.redhat.com/show_bug.cgi?id=1493056 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •