- Home
- CVEs with nessus.description==According to the versions of the httpd packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and
2.4.0 to 2.4.29, mod_authnz_ldap, if configured with
AuthLDAPCharsetConfig, uses the Accept-Language header
value to lookup the right charset encoding when
verifying the user's credentials. If the header value
is not present in the charset conversion table, a
fallback mechanism is used to truncate it to a two
characters value to allow a quick retry (for example,
'en-US' is truncated to 'en'). A header value of less
than two characters forces an out of bound write of one
NUL byte to a memory location that is not part of the
string. In the worst case, quite unlikely, the process
would crash which could be used as a Denial of Service
attack. In the more likely case, this memory is already
reserved for future use and the issue has no effect at
all.(CVE-2017-15710)
- In Apache httpd 2.4.0 to 2.4.29, the expression
specified in could match '$' to a newline character in
a malicious filename, rather than matching only the end
of the filename. This could be exploited in
environments where uploads of some files are are
externally blocked, but only by matching the trailing
portion of the filename.(CVE-2017-15715)
- In Apache httpd 2.2.0 to 2.4.29, when generating an
HTTP Digest authentication challenge, the nonce sent to
prevent reply attacks was not correctly generated using
a pseudo-random seed. In a cluster of servers using a
common Digest authentication configuration, HTTP
requests could be replayed across servers by an
attacker without detection.(CVE-2018-1312)
- A specially crafted HTTP request header could have
crashed the Apache HTTP Server prior to version 2.4.30
due to an out of bound read while preparing data to be
cached in shared memory. It could be used as a Denial
of Service attack against users of mod_cache_socache.
The vulnerability is considered as low risk since
mod_cache_socache is not widely used, mod_cache_disk is
not concerned by this vulnerability.(CVE-2018-1303)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top