VYPR

rpm package

suse/apache2&distro=SUSE Linux Enterprise Server 12 SP2-BCL

pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Vulnerabilities (46)

  • CVE-2018-1302MedMar 26, 2018
    affected < 2.4.23-29.18.2fixed 2.4.23-29.18.2

    When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurati

  • CVE-2018-1301MedMar 26, 2018
    affected < 2.4.23-29.18.2fixed 2.4.23-29.18.2

    A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both l

  • CVE-2018-1283MedMar 26, 2018
    affected < 2.4.23-29.18.2fixed 2.4.23-29.18.2

    In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_se

  • CVE-2017-15715HigMar 26, 2018
    affected < 2.4.23-29.18.2fixed 2.4.23-29.18.2

    In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally bloc

  • CVE-2017-15710HigMar 26, 2018
    affected < 2.4.23-29.18.2fixed 2.4.23-29.18.2

    In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present

  • CVE-2016-8743HigJul 27, 2017
    affected < 2.4.23-29.24.1fixed 2.4.23-29.24.1

    Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or inter

Page 3 of 3