Tag: mod_session_cookie

ASA-2019-00027 – Apache HTTP Server: mod_session_cookie does not respect expiry time

Posted on January 23, 2019October 2, 2019 by Allele Security Intelligence in Alerts

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

Tagged Apache HTTP Server, Apache Software Foundation, ASA-2019-00027, Cookie Expiration, CVE-2018-17199, mod_session_cookie

Twitter
Github
Linkedin
RSS

Services

Vulnerability and Threat Intelligence

Threat Modeling and Risk Assessment

Training

Kernel exploitation

Kernel development

Userland exploitation

Publications

Redução da superfície de ataque ao kernel do Linux – SEMCOMP 2019

Introdução à pesquisa em vulnerabilidades no núcleo do Linux – EnSI 2018

Introdução à pesquisa em vulnerabilidades no núcleo do Linux – RoadSec Salvador 2018

Rootkits em kernel space – Redshift, um rootkit para o kernel do FreeBSD

Public proofs of concept

CVE-2012-0217

CVE-2012-4576

latest security alerts

ASA-2020-00051 – Linux kernel: vsyscall page refcounting error September 16, 2020
ASA-2020-00050 – Linux kernel: Use-after-free vulnerability in cgroup BPF component September 16, 2020
ASA-2020-00049 – Linux kernel: Kernel stack information leak on s390/s390x platform September 12, 2020

Subscribe to our Blog

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Email Address

Exit mobile version