Search CVE reports
161 – 170 of 293 results
CVE-2015-0253
Medium priorityThe read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and...
1 affected packages
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | — | — |
CVE-2015-3185
Medium prioritySome fixes available 2 of 3
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting,...
1 affected packages
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | — | — |
CVE-2015-3183
Medium prioritySome fixes available 3 of 4
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related...
1 affected packages
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | — | — |
CVE-2015-4000
Medium prioritySome fixes available 48 of 55
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks...
11 affected packages
apache2, firefox, gnutls26, gnutls28, nss...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | Not affected | Not affected |
firefox | — | — | — | Fixed | Fixed |
gnutls26 | — | — | — | Not in release | Not in release |
gnutls28 | — | — | — | Not affected | Not affected |
nss | — | — | — | Fixed | Fixed |
openjdk-6 | — | — | — | Not in release | Not in release |
openjdk-7 | — | — | — | Not in release | Not in release |
openjdk-8 | — | — | — | Not affected | Not affected |
openssl | — | — | — | Not affected | Not affected |
openssl098 | — | — | — | Not in release | Not in release |
thunderbird | — | — | — | Fixed | Fixed |
CVE-2015-0228
Low priorityThe lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame...
1 affected packages
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | — | — |
CVE-2014-8109
Low prioritymod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different...
1 affected packages
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | — | — |
CVE-2014-3583
Low priorityThe handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
1 affected packages
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | — | — |
CVE-2014-8566
Medium priorityThe mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving...
1 affected packages
libapache2-mod-auth-mellon
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libapache2-mod-auth-mellon | — | — | — | Not affected | Not affected |
CVE-2014-8567
Medium priorityThe mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
1 affected packages
libapache2-mod-auth-mellon
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libapache2-mod-auth-mellon | — | — | — | Not affected | Not affected |
CVE-2014-3581
Low priorityThe cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application...
1 affected packages
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | — | — |