Description
openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys.
openssl: timing side channel attack in the DSA signature algorithm.
mod_auth_digest: access control bypass due to race condition.
openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash).
mod_session_cookie does not respect expiry time.
mod_http2: DoS via slow, unneeded request bodies.
mod_http2: possible crash on late upgrade.
mod_http2: read-after-free on a string compare.
nghttp2: HTTP/2: large amount of data request leads to denial of service.
nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption.
mod_http2: HTTP/2: 0-length headers leads to denial of service.
mod_http2: HTTP/2: request for large response leads to denial of service.