Show filters
486 Total Results
Displaying 161-170 of 486
Sort by:
Attacker Value
Unknown

CVE-2018-17189

Disclosure Date: January 30, 2019 (last updated November 08, 2023)
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.
Attacker Value
Unknown

CVE-2019-0190

Disclosure Date: January 30, 2019 (last updated November 08, 2023)
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.
Attacker Value
Unknown

CVE-2019-2414

Disclosure Date: January 16, 2019 (last updated November 27, 2024)
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP Server executes to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
0
Attacker Value
Unknown

CVE-2018-11763

Disclosure Date: September 25, 2018 (last updated November 08, 2023)
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
0
Attacker Value
Unknown

CVE-2016-4975

Disclosure Date: August 14, 2018 (last updated November 08, 2023)
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
0
Attacker Value
Unknown

CVE-2017-12171

Disclosure Date: July 26, 2018 (last updated November 27, 2024)
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
0
Attacker Value
Unknown

CVE-2018-1333

Disclosure Date: July 17, 2018 (last updated November 08, 2023)
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
0
Attacker Value
Unknown

CVE-2018-8011

Disclosure Date: July 17, 2018 (last updated November 08, 2023)
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).
0
Attacker Value
Unknown

CVE-2018-3713

Disclosure Date: June 07, 2018 (last updated November 26, 2024)
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.
Attacker Value
Unknown

CVE-2018-2415

Disclosure Date: May 09, 2018 (last updated November 26, 2024)
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.
0