| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-1312 | 6.8 |
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication con
|
07-09-2022 - 17:45 | 26-03-2018 - 15:29 | |
| CVE-2018-1301 | 4.3 |
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to tri
|
06-06-2021 - 11:15 | 26-03-2018 - 15:29 | |
| CVE-2017-15710 | 5.0 |
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If th
|
06-06-2021 - 11:15 | 26-03-2018 - 15:29 | |
| CVE-2019-0217 | 6.0 |
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictio
|
06-06-2021 - 11:15 | 08-04-2019 - 21:29 |