Search for packages
| purl | pkg:alpm/archlinux/apache@2.4.48-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9u53-b79b-cfgd
Aliases: CVE-2021-34798 |
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. |
Affected by 2 other vulnerabilities. |
|
VCID-db6k-j9mj-e7hy
Aliases: CVE-2021-33193 |
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. |
Affected by 2 other vulnerabilities. |
|
VCID-mtg7-8556-kbgd
Aliases: CVE-2021-40438 |
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. |
Affected by 2 other vulnerabilities. |
|
VCID-rdtq-8ng5-53fn
Aliases: CVE-2021-36160 |
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). |
Affected by 2 other vulnerabilities. |
|
VCID-wrw6-uzz4-rkfb
Aliases: CVE-2021-39275 |
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6b7y-562y-suce | Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released. |
CVE-2021-31618
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:25:31.089116+00:00 | Arch Linux Importer | Fixing | VCID-6b7y-562y-suce | https://security.archlinux.org/AVG-2041 | 38.0.0 |
| 2026-04-01T18:25:20.834135+00:00 | Arch Linux Importer | Affected by | VCID-db6k-j9mj-e7hy | https://security.archlinux.org/AVG-2289 | 38.0.0 |
| 2026-04-01T18:25:20.812240+00:00 | Arch Linux Importer | Affected by | VCID-9u53-b79b-cfgd | https://security.archlinux.org/AVG-2289 | 38.0.0 |
| 2026-04-01T18:25:20.787761+00:00 | Arch Linux Importer | Affected by | VCID-rdtq-8ng5-53fn | https://security.archlinux.org/AVG-2289 | 38.0.0 |
| 2026-04-01T18:25:20.764994+00:00 | Arch Linux Importer | Affected by | VCID-wrw6-uzz4-rkfb | https://security.archlinux.org/AVG-2289 | 38.0.0 |
| 2026-04-01T18:25:20.742075+00:00 | Arch Linux Importer | Affected by | VCID-mtg7-8556-kbgd | https://security.archlinux.org/AVG-2289 | 38.0.0 |