apache2 (SUSE:Linux Enterprise Software Development Kit 12 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 SP3 package apache2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (22)
CVE-2018-1312 — CVSS 9.8 (critical): In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not…
CVE-2017-9788 — CVSS 9.1 (critical): In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not…
CVE-2017-15715 — CVSS 8.1 (high): In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename…
CVE-2018-1333 — CVSS 7.5 (high): By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a…
CVE-2016-8743 — CVSS 7.5 (high): Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response…
CVE-2019-0217 — CVSS 7.5 (high): In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a…
CVE-2017-15710 — CVSS 7.5 (high): In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the…
CVE-2018-1303 — CVSS 7.5 (high): A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while…
CVE-2017-9798 — CVSS 7.5 (high): Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file…
CVE-2018-17199 — CVSS 7.5 (high): In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes…
CVE-2017-7659 — CVSS 7.5 (high): A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash…
CVE-2017-9789 — CVSS 7.5 (high): When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has…
CVE-2016-4975 — CVSS 6.1 (medium): Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made…
CVE-2018-1302 — CVSS 5.9 (medium): When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer…
CVE-2018-11763 — CVSS 5.9 (medium): In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and…
CVE-2018-1301 — CVSS 5.9 (medium): A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size…
CVE-2019-0196 — CVSS 5.3 (medium): A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to…
CVE-2018-17189 — CVSS 5.3 (medium): In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that…
CVE-2018-1283 — CVSS 5.3 (medium): In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the…
CVE-2019-0220 — CVSS 5.3 (medium): A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive…
CVE-2019-0197 — CVSS 4.2 (medium): A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2…