Search CVE reports
161 – 170 of 306 results
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption)...
1 affected package
libapache2-mod-auth-mellon
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libapache2-mod-auth-mellon | — | — | — | Not affected |
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash)...
1 affected package
libapache2-mod-auth-mellon
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libapache2-mod-auth-mellon | — | — | — | Not affected |
The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
1 affected package
libapache2-mod-fcgid
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libapache2-mod-fcgid | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.
1 affected package
libapache2-mod-nss
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libapache2-mod-nss | — | — | — | Not affected |
Some fixes available 48 of 55
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks...
11 affected packages
apache2, firefox, gnutls26, gnutls28, nss...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | Not affected |
firefox | — | — | — | Fixed |
gnutls26 | — | — | — | Not in release |
gnutls28 | — | — | — | Not affected |
nss | — | — | — | Fixed |
openjdk-6 | — | — | — | Not in release |
openjdk-7 | — | — | — | Not in release |
openjdk-8 | — | — | — | Not affected |
openssl | — | — | — | Not affected |
openssl098 | — | — | — | Not in release |
thunderbird | — | — | — | Fixed |
The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring.
1 affected package
libapache2-mod-nss
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libapache2-mod-nss | Not in release | Not in release | Not in release | Vulnerable |
Some fixes available 2 of 3
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting,...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |