FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache -- vulnerability

Affected packages
apache24 < 2.4.38

Details

VuXML ID: eb888ce5-1f19-11e9-be05-4c72b94353b5
Discovery: 2019-01-22
Entry: 2019-01-23

The Apache httpd Project reports:

SECURITY: CVE-2018-17199 mod_session: mod_session_cookie does not respect expiry time allowing sessions to be reused.

SECURITY: CVE-2019-0190 mod_ssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and later. PR 63052.

SECURITY: CVE-2018-17189 mod_http2: fixes a DoS attack vector. By sending slow request bodies to resources not consuming them, httpd cleanup code occupies a server thread unnecessarily. This was changed to an immediate stream reset which discards all stream state and incoming data.

References

CVE Name: CVE-2018-17189
CVE Name: CVE-2018-17199
CVE Name: CVE-2019-0190
URL: http://httpd.apache.org/security/vulnerabilities_24.html
URL: http://www.apache.org/dist/httpd/CHANGES_2.4.38