Search CVE reports


Toggle filters

161 – 170 of 306 results


CVE-2016-2161

Low priority
Fixed

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2016-2146

Medium priority
Ignored

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption)...

1 affected package

libapache2-mod-auth-mellon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-auth-mellon Not affected
Show less packages

CVE-2016-2145

Medium priority
Ignored

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash)...

1 affected package

libapache2-mod-auth-mellon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-auth-mellon Not affected
Show less packages

CVE-2016-1546

Medium priority
Not affected

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2016-1000104

Medium priority
Vulnerable

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

1 affected package

libapache2-mod-fcgid

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-fcgid Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2016-0736

Medium priority
Fixed

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2015-5244

Medium priority
Ignored

The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.

1 affected package

libapache2-mod-nss

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-nss Not affected
Show less packages

CVE-2015-4000

Medium priority

Some fixes available 48 of 55

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks...

11 affected packages

apache2, firefox, gnutls26, gnutls28, nss...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected
firefox Fixed
gnutls26 Not in release
gnutls28 Not affected
nss Fixed
openjdk-6 Not in release
openjdk-7 Not in release
openjdk-8 Not affected
openssl Not affected
openssl098 Not in release
thunderbird Fixed
Show all 11 packages Show less packages

CVE-2015-3277

Medium priority
Vulnerable

The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring.

1 affected package

libapache2-mod-nss

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-nss Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2015-3185

Medium priority

Some fixes available 2 of 3

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting,...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages