VYPR

rpm package

suse/apache2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Vulnerabilities (49)

  • CVE-2018-1301MedMar 26, 2018
    affected < 2.4.23-29.18.2fixed 2.4.23-29.18.2

    A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both l

  • CVE-2018-1283MedMar 26, 2018
    affected < 2.4.23-29.18.2fixed 2.4.23-29.18.2

    In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_se

  • CVE-2017-15715HigMar 26, 2018
    affected < 2.4.23-29.18.2fixed 2.4.23-29.18.2

    In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally bloc

  • CVE-2017-15710HigMar 26, 2018
    affected < 2.4.23-29.18.2fixed 2.4.23-29.18.2

    In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present

  • CVE-2017-9798HigSep 18, 2017
    affected < 2.4.23-29.6.1fixed 2.4.23-29.6.1

    Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27

  • CVE-2016-8743HigJul 27, 2017
    affected < 2.4.23-29.24.1fixed 2.4.23-29.24.1

    Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or inter

  • CVE-2017-7659HigJul 26, 2017
    affected < 2.4.23-29.13.1fixed 2.4.23-29.13.1

    A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.

  • CVE-2017-9789HigJul 13, 2017
    affected < 2.4.23-29.13.1fixed 2.4.23-29.13.1

    When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.

  • CVE-2017-9788CriJul 13, 2017
    affected < 2.4.23-29.3.2fixed 2.4.23-29.3.2

    In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could

Page 3 of 3