Vulnerability & Exploit Database

Displaying all 6 entries

Results for: CVE-2018-17199 Back to search

Debian: CVE-2018-17199: apache2 -- security update Vulnerability

  • Severity: 5
  • Published: January 30, 2019

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

Apache HTTPD: mod_session_cookie does not respect expiry time (CVE-2018-17199) Vulnerability

  • Severity: 5
  • Published: January 24, 2019

The affected asset is vulnerable to this vulnerability ONLY if it is running one of the following modules: mod_session_cookie. Review your web server configuration for validation. In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time t...

Alpine Linux: CVE-2018-17199: apache2 Multiple vulnerabilities Vulnerability

  • Severity: 5
  • Published: January 24, 2019

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6 Vulnerability

  • Severity: 1
  • Published: November 10, 2010

This is a placeholder for all CVEs that are not relevant for one reason or another on Red Hat Enterprise Linux 6. Oftentimes Red Hat makes this determination because the affected software was shipped, built or configured in a manner that it made it invulnerable to a given vulnerability.

Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5 Vulnerability

  • Severity: 1
  • Published: March 15, 2007

This is a placeholder for all CVEs that are not relevant for one reason or another on Red Hat Enterprise Linux 5. Oftentimes Red Hat makes this determination because the affected software was shipped, built or configured in a manner that it made it invulnerable to a given vulnerability.