Apache » Http Server » 2.4.6 : Security Vulnerabilities (Denial Of Service) (CVSS score >= 6)
Cpe Name:
cpe:/a:apache:http_server:2.4.6
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2017-9788 |
20 |
|
DoS +Info |
2017-07-13 |
2018-01-04 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. |
2 |
CVE-2014-0226 |
362 |
1
|
DoS Exec Code Overflow +Info |
2014-07-20 |
2017-12-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. |
Total number of vulnerabilities :
2
Page :
1
(This Page)