Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 615
Alerts This Week
Warning Icon 1 615

Debian Wheezy DLA-1389-1 Moderate: Apache2 Denial of Service Fix

debian lts
Calendar Grey May 30, 2018
Dist Debian Esm H88
Multiple security flaws addressed in apache2 for Debian Wheezy. Update advised to maintain optimal security.
Several vulnerabilities have been found in the Apache HTTPD server

Summary

CVE-2017-15710

Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if
configured with AuthLDAPCharsetConfig, could cause an of bound write
if supplied with a crafted Accept-Language header. This could
potentially be used for a Denial of Service attack.

CVE-2018-1301

Robert Swiecki reported that a specially crafted request could have
crashed the Apache HTTP Server, due to an out of bound access after
a size limit is reached by reading the HTTP header.
CVE-2018-1312

Nicolas Daniels discovered that when generating an HTTP Digest
authentication challenge, the nonce sent by mod_auth_digest to
prevent reply attacks was not correctly generated using a
pseudo-random seed. In a cluster of servers using a common Digest
authentication configuration, HTTP requests could be replayed across
servers by an attacker without detection.


For Debian 7 "Wheezy", these problems have been fixed in version
2.2.22-13+deb7u13.

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: apache2
Version: 2.2.22-13+deb7u13
CVE ID: CVE-2017-15710 CVE-2018-1301 CVE-2018-1312
Debian Bug:

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.