CVE-2018-17199
Published: Jan 30, 2019
Modified: Sep 16, 2024
PUBLISHED
Description
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache HTTP Server | affected Apache HTTP Server 2.4.0 to 2.4.37 |
References
| Reference | Type | Source tag |
|---|---|---|
| [debian-lts-announce] 20190129 [SECURITY] [DLA 1647-1] apache2 security update | mailing-list | x_refsource_MLIST |
| 106742 | vdb-entry | x_refsource_BID |
| https://httpd.apache.org/security/vulnerabilities_24.html | | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-20190125-0001/ | | x_refsource_CONFIRM |
| GLSA-201903-21 | vendor-advisory | x_refsource_GENTOO |
| 20190403 [SECURITY] [DSA 4422-1] apache2 security update | mailing-list | x_refsource_BUGTRAQ |
| USN-3937-1 | vendor-advisory | x_refsource_UBUNTU |
| DSA-4422 | vendor-advisory | x_refsource_DEBIAN |
| RHSA-2019:3933 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2019:3935 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2019:3932 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2019:4126 | vendor-advisory | x_refsource_REDHAT |
| https://www.tenable.com/security/tns-2019-09 | | x_refsource_CONFIRM |
| [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | mailing-list | x_refsource_MLIST |
| [httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/ | mailing-list | x_refsource_MLIST |
| [httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | mailing-list | x_refsource_MLIST |
| [httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/ | mailing-list | x_refsource_MLIST |