VYPR

rpm package

suse/apache2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4

pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Vulnerabilities (44)

  • CVE-2019-0217Apr 8, 2019
    affected < 2.4.23-29.40.1fixed 2.4.23-29.40.1

    In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

  • CVE-2018-17199Jan 30, 2019
    affected < 2.4.23-29.34.4fixed 2.4.23-29.34.4

    In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

  • CVE-2018-17189Jan 30, 2019
    affected < 2.4.23-29.34.4fixed 2.4.23-29.34.4

    In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

  • CVE-2018-11763MedSep 25, 2018
    affected < 2.4.23-29.27.2fixed 2.4.23-29.27.2

    In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 p

Page 3 of 3