VYPR

rpm package

suse/apache2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1

pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Vulnerabilities (22)

  • CVE-2017-3167CriJun 20, 2017
    affected < 2.4.16-20.10.1fixed 2.4.16-20.10.1

    In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

  • CVE-2016-5387HigJul 19, 2016
    affected < 2.4.16-7.1fixed 2.4.16-7.1

    The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traff

Page 2 of 2