An information disclosure flaw was found in the way the Apache HTTP Server processed request chunked encoding. An attacker could use this flaw to perform a request for a .htaccess file to Apache HTTP Server, which could then be processed by a PHP script. This could result in disclosure of source code or data. (CVE-2018-5712) An information disclosure flaw was found in the way the Apache HTTP Server parsed request chunked encoding. An attacker could use this flaw to produce a server response containing sensitive information about the configuration of the Apache HTTP Server. (CVE-2018-5711) An information disclosure flaw was found in the way the MySQL protocol parser processed certain data within the comments field of a MySQL request. An attacker could use this flaw to retrieve some of the contents of the query request. (CVE-2018-5714) An information disclosure flaw was found in the way MySQL handled function definitions within request data. An attacker could use this flaw to retrieve some of the contents of the query request. (CVE-2018-5717) An information disclosure flaw was found in the way MySQL handled function definitions within request data when parsing certain types of requests. An attacker could use this flaw to retrieve some of the contents of the query request. (CVE-2018-5718) An information disclosure flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled invalid certificates

Modules affected mod_http2 mod_ssl mod_socache_memcache

Description of the vulnerability

An information disclosure flaw was found in the way the Apache HTTP Server processed request chunked encoding. An attacker could use this flaw to perform a request for a .htaccess file to Apache HTTP Server, which could then be processed by a PHP script. This could result in disclosure of source code or data. (CVE-2018-5712) An information disclosure flaw was found in the way the Apache HTTP Server parsed request chunked encoding. An attacker could use this flaw to produce a server response containing sensitive information about the configuration of the Apache HTTP Server. (CVE-2018-5711)

Timeline

Published on: 04/19/2022 21:15:00 UTC
Last modified on: 04/27/2022 20:56:00 UTC

References