VYPR

rpm package

suse/apache2&distro=SUSE Linux Enterprise Software Development Kit 12

pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Vulnerabilities (8)

  • CVE-2015-3185 | Jul 20, 2015
    affected < 2.4.10-14.10.1 | fixed 2.4.10-14.10.1

    The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended

  • CVE-2015-3183 | Jul 20, 2015
    affected < 2.4.10-14.10.1 | fixed 2.4.10-14.10.1

    The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid c

  • CVE-2015-4000 | Low | May 21, 2015
    affected < 2.4.10-14.10.1 | fixed 2.4.10-14.10.1

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D

  • CVE-2014-8111 | Apr 21, 2015
    affected < 2.4.10-14.10.1 | fixed 2.4.10-14.10.1

    Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

  • CVE-2015-0228 | Mar 8, 2015
    affected < 2.4.10-12.1 | fixed 2.4.10-12.1

    The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade functio

  • CVE-2014-8109 | Dec 29, 2014
    affected < 2.4.10-12.1 | fixed 2.4.10-12.1

    mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intend

  • CVE-2014-3581 | Oct 10, 2014
    affected < 2.4.10-12.1 | fixed 2.4.10-12.1

    The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

  • CVE-2013-5704 | Apr 15, 2014
    affected < 2.4.10-12.1 | fixed 2.4.10-12.1

    The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such