Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Debian: DSA-4422-1 Moderate: Apache2 Denial Of Service Advisory

debian
Calendar Grey April 3, 2019
Debian Logo
- ------------------------------------------------------------------------- Debian Security Advisory
Several vulnerabilities have been found in the Apache HTTP server

Summary

CVE-2018-17189

Gal Goldshtein of F5 Networks discovered a denial of service
vulnerability in mod_http2. By sending malformed requests, the
http/2 stream for that request unnecessarily occupied a server
thread cleaning up incoming data, resulting in denial of service.

CVE-2018-17199

Diego Angulo from ImExHS discovered that mod_session_cookie does not
respect expiry time.

CVE-2019-0196

Craig Young discovered that the http/2 request handling in mod_http2
could be made to access freed memory in string comparison when
determining the method of a request and thus process the request
incorrectly.

CVE-2019-0211

Charles Fol discovered a privilege escalation from the
less-privileged child process to the parent process running as root.

CVE-2019-0217

A race condition in mod_auth_digest when running in a threaded
server could allow a user with valid credentials to authenticate
using another username, bypassing configured access control
restrictions. Th...

Read the Full Advisory

Package: apache2
CVE ID: CVE-2018-17189 CVE-2018-17199 CVE-2019-0196 CVE-2019-0211

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.