- Home
- CVEs with nessus.description==USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update
provides the corresponding updates for Ubuntu 18.04 LTS.
Original advisory details :
Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server
mod_authnz_ldap module incorrectly handled missing charset encoding
headers. A remote attacker could possibly use this issue to cause the
server to crash, resulting in a denial of service. (CVE-2017-15710)
Elar Lang discovered that the Apache HTTP Server incorrectly handled
certain characters specified in <FilesMatch>. A remote attacker could
possibly use this issue to upload certain files, contrary to
expectations. (CVE-2017-15715) It was discovered that the Apache HTTP
Server mod_session module incorrectly handled certain headers. A
remote attacker could possibly use this issue to influence session
data. (CVE-2018-1283) Robert Swiecki discovered that the Apache HTTP
Server incorrectly handled certain requests. A remote attacker could
possibly use this issue to cause the server to crash, leading to a
denial of service. (CVE-2018-1301) Robert Swiecki discovered that the
Apache HTTP Server mod_cache_socache module incorrectly handled
certain headers. A remote attacker could possibly use this issue to
cause the server to crash, leading to a denial of service.
(CVE-2018-1303) Nicolas Daniels discovered that the Apache HTTP Server
incorrectly generated the nonce when creating HTTP Digest
authentication challenges. A remote attacker could possibly use this
issue to replay HTTP requests across a cluster of servers.
(CVE-2018-1312).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top