Vulnerabilities > Apache > Http Server

DATE CVE VULNERABILITY TITLE RISK
2018-03-26 CVE-2018-1312 Improper Authentication vulnerability in multiple products
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed.
network
low complexity
apache canonical debian netapp redhat CWE-287
critical
9.8
2018-03-26 CVE-2018-1303 Out-of-bounds Read vulnerability in multiple products
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory.
network
low complexity
apache debian canonical netapp CWE-125
7.5
2018-03-26 CVE-2018-1302 NULL Pointer Dereference vulnerability in multiple products
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory.
network
high complexity
apache canonical netapp CWE-476
5.9
2018-03-26 CVE-2018-1301 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header.
network
high complexity
apache debian canonical netapp redhat CWE-119
5.9
2018-03-26 CVE-2018-1283 In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header.
network
high complexity
apache debian canonical netapp redhat
5.3
2018-03-26 CVE-2017-15715 Improper Input Validation vulnerability in multiple products
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename.
network
high complexity
apache debian canonical netapp redhat CWE-20
8.1
2018-03-26 CVE-2017-15710 Out-of-bounds Write vulnerability in multiple products
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials.
network
low complexity
apache debian canonical netapp redhat CWE-787
7.5
2018-03-09 CVE-2016-8612 Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.
low complexity
apache redhat netapp
4.3
2017-09-18 CVE-2017-9798 Use After Free vulnerability in multiple products
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed.
network
low complexity
apache debian CWE-416
7.5
2017-07-27 CVE-2016-8743 Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers.
network
low complexity
apache netapp debian redhat
7.5