Explore top 10 tips to secure your open-source projects now. Read More
×CVE-2018-17189
Gal Goldshtein of F5 Networks discovered a denial of service
vulnerability in mod_http2. By sending malformed requests, the
http/2 stream for that request unnecessarily occupied a server
thread cleaning up incoming data, resulting in denial of service.
CVE-2018-17199
Diego Angulo from ImExHS discovered that mod_session_cookie does not
respect expiry time.
CVE-2019-0196
Craig Young discovered that the http/2 request handling in mod_http2
could be made to access freed memory in string comparison when
determining the method of a request and thus process the request
incorrectly.
CVE-2019-0211
Charles Fol discovered a privilege escalation from the
less-privileged child process to the parent process running as root.
CVE-2019-0217
A race condition in mod_auth_digest when running in a threaded
server could allow a user with valid credentials to authenticate
using another username, bypassing configured access control
restrictions. Th...
Get the latest Linux and open source security news straight to your inbox.