CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 0CVE-2019-10082 – httpd: read-after-free in h2 connection shutdown
https://notcve.org/view.php?id=CVE-2019-10082
27 Aug 2019 — In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. En Apache HTTP Server versiones 2.4.18 hasta 2.4.39, usando la entrada de red difusa, el manejo de la sesión http/2 podría ser hecha para leer la memoria después de ser liberada, durante el apagado de la conexión. A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cau... • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-416: Use After Free •
CVSS: 6.1EPSS: 4%CPEs: 26EXPL: 4CVE-2019-10092 – Apache Httpd mod_proxy - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-10092
27 Aug 2019 — In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. En Apache HTTP Server versiones 2.4.0 hasta 2.4.39, se reportó un problema de cross-site scripting limitado que afecta la ... • https://www.exploit-db.com/exploits/47688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 85%CPEs: 20EXPL: 0CVE-2019-10097 – httpd: null-pointer dereference in mod_remoteip
https://notcve.org/view.php?id=CVE-2019-10097
27 Aug 2019 — In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. En Apache HTTP Server versiones 2.4.32 hasta 2.4.39, cuando mod_remoteip se configuró para usar un servidor proxy intermediario de confianza que utiliza el protocolo "PROXY", u... • https://access.redhat.com/errata/RHSA-2019:4126 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 22%CPEs: 1EXPL: 1CVE-2019-10098 – Apache Httpd mod_rewrite - Open Redirects
https://notcve.org/view.php?id=CVE-2019-10098
27 Aug 2019 — In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. En el servidor HTTP Apache versiones 2.4.0 hasta 2.4.39, los Redireccionamientos configurados con mod_rewrite que fueron previstos a estar auto referenciados podrían ser engañados por nuevas líneas codificadas y redireccionadas a una URL inesperada dentro de la URL de la petición. A vulnera... • https://www.exploit-db.com/exploits/47689 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2019-10081 – httpd: memory corruption on early pushes
https://notcve.org/view.php?id=CVE-2019-10081
15 Aug 2019 — HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. Pushes tempranos de HTTP/2 (versiones 2.4.20 hasta 2.4.39) configurados por ejemplo con "H2PushResource", podrían conllevar a una sobrescritura de memoria en el pushing de grupo de peticiones causando bloqueos. La memoria copi... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 8%CPEs: 43EXPL: 0CVE-2019-9517 – Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9517
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Algunas implementaciones HT... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.9EPSS: 0%CPEs: 26EXPL: 0CVE-2019-0197 – httpd: mod_http2: possible crash on late upgrade
https://notcve.org/view.php?id=CVE-2019-0197
11 Jun 2019 — A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue. Una vulnerabilidad fue encontrada en Apache HTTP Server 2.4.34 hasta 2.4.38 y clasi... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-0215 – httpd: mod_ssl: access control bypass when using per-location client certification authentication
https://notcve.org/view.php?id=CVE-2019-0215
08 Apr 2019 — In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. En Apache HTTP Server 2.4, versiones 2.4.37 y 2.4.38, un error en mod_ssl al utilizar la verificación de certificados de cliente por ubicación con TLSv1.3 permitía a un cliente eludir las restricciones de control de acceso configuradas. A flaw was found in Apache HTTP Server 2.4 (releases 2.4.37 and 2.4.... • http://www.openwall.com/lists/oss-security/2019/04/02/4 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2019-0220 – httpd: URL normalization inconsistency
https://notcve.org/view.php?id=CVE-2019-0220
03 Apr 2019 — A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. Se descubrió una vulnerabilidad en Apache HTTP Server 2.4.0 hasta 2.4.38. Cuando el componente del recorrido de la solicitud de la URL contiene múltiples barras diagonales consecutivas... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html • CWE-41: Improper Resolution of Path Equivalence CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2019-0217 – httpd: mod_auth_digest: access control bypass due to race condition
https://notcve.org/view.php?id=CVE-2019-0217
03 Apr 2019 — In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. En Apache HTTP Server 2.4 versión 2.4.38 y anteriores, una condición de carrera en mod_auth_digest cuando se ejecuta en un servidor multihilo podría permitir a un usuario con credenciales válidas autenticarse usando otro nombre de usuario, evitando las restr... • https://github.com/savsch/PoC_CVE-2019-0217 • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •