VYPR

rpm package

almalinux/mod_md

pkg:rpm/almalinux/mod_md

Vulnerabilities (68)

  • CVE-2019-10092MedSep 26, 2019
    affected < 1:2.0.8-8.module_el8.5.0+2609+b30d9eecfixed 1:2.0.8-8.module_el8.5.0+2609+b30d9eec

    In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server

  • CVE-2019-10082CriSep 26, 2019
    affected < 1:2.0.8-8.module_el8.5.0+2609+b30d9eecfixed 1:2.0.8-8.module_el8.5.0+2609+b30d9eec

    In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

  • CVE-2019-10098MedSep 25, 2019
    affected < 1:2.0.8-8.module_el8.5.0+2609+b30d9eecfixed 1:2.0.8-8.module_el8.5.0+2609+b30d9eec

    In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

  • CVE-2019-10081HigAug 15, 2019
    affected < 1:2.0.8-8.module_el8.5.0+2609+b30d9eecfixed 1:2.0.8-8.module_el8.5.0+2609+b30d9eec

    HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the cl

  • CVE-2019-0197MedJun 11, 2019
    affected < 1:2.0.8-8.module_el8.5.0+2609+b30d9eecfixed 1:2.0.8-8.module_el8.5.0+2609+b30d9eec

    A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration

  • CVE-2019-0196MedJun 11, 2019
    affected < 1:2.0.8-8.module_el8.5.0+2609+b30d9eecfixed 1:2.0.8-8.module_el8.5.0+2609+b30d9eec

    A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.

  • CVE-2018-17199HigJan 30, 2019
    affected < 1:2.0.8-8.module_el8.5.0+2609+b30d9eecfixed 1:2.0.8-8.module_el8.5.0+2609+b30d9eec

    In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

  • CVE-2018-17189MedJan 30, 2019
    affected < 1:2.0.8-8.module_el8.5.0+2609+b30d9eecfixed 1:2.0.8-8.module_el8.5.0+2609+b30d9eec

    In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

Page 4 of 4