Debian: DSA-4509-1 Moderate: Apache2 Denial Of Service, Memory Issues

August 26, 2019
Several vulnerabilities have been found in the Apache HTTPD server.

Summary

CVE-2019-9517

Jonathan Looney reported that a malicious client could perform a
denial of service attack (exhausting h2 workers) by flooding a
connection with requests and basically never reading responses on
the TCP connection.

CVE-2019-10081

Craig Young reported that HTTP/2 PUSHes could lead to an overwrite
of memory in the pushing request's pool, leading to crashes.

CVE-2019-10082

Craig Young reported that the HTTP/2 session handling could be made
to read memory after being freed, during connection shutdown.

CVE-2019-10092

Matei "Mal" Badanoiu reported a limited cross-site scripting
vulnerability in the mod_proxy error page.

CVE-2019-10097

Daniel McCarney reported that when mod_remoteip was configured to
use a trusted intermediary proxy server using the "PROXY" protocol,
a specially crafted PROXY header could trigger a stack buffer
overflow or NULL pointer dereference. This vulnerability could only be
triggered by a trusted proxy and not by u...

Package: apache2
CVE ID: CVE-2019-9517 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092
