| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-9490 | 5.0 |
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via
|
07-10-2022 - 12:58 | 07-08-2020 - 16:15 | |
| CVE-2019-10082 | 6.4 |
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
|
25-07-2022 - 18:15 | 26-09-2019 - 16:15 | |
| CVE-2019-10092 | 4.3 |
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only
|
09-09-2021 - 01:05 | 26-09-2019 - 16:15 | |
| CVE-2019-10097 | 6.0 |
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulner
|
07-07-2021 - 19:01 | 26-09-2019 - 16:15 | |
| CVE-2019-10098 | 5.8 |
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
|
14-06-2021 - 18:15 | 25-09-2019 - 17:15 | |
| CVE-2020-11984 | 7.5 |
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
|
06-06-2021 - 11:15 | 07-08-2020 - 16:15 | |
| CVE-2020-11993 | 4.3 |
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLev
|
06-06-2021 - 11:15 | 07-08-2020 - 16:15 | |
| CVE-2020-11985 | 4.3 |
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in
|
06-06-2021 - 11:15 | 07-08-2020 - 16:15 | |
| CVE-2019-10081 | 5.0 |
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header value
|
06-06-2021 - 11:15 | 15-08-2019 - 22:15 | |
| CVE-2019-0217 | 6.0 |
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictio
|
06-06-2021 - 11:15 | 08-04-2019 - 21:29 | |
| CVE-2019-0215 | 6.0 |
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
|
06-06-2021 - 11:15 | 08-04-2019 - 20:29 | |
| CVE-2019-0211 | 7.2 |
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with
|
06-06-2021 - 11:15 | 08-04-2019 - 22:29 |