Search for packages
| purl | pkg:alpm/archlinux/apache@2.4.48-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-aruc-3t3r-aaan
Aliases: CVE-2021-40438 |
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. |
Affected by 2 other vulnerabilities. |
|
VCID-fccq-2kpj-aaap
Aliases: CVE-2021-36160 |
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). |
Affected by 2 other vulnerabilities. |
|
VCID-kcnv-z2rj-aaaa
Aliases: CVE-2021-39275 |
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. |
Affected by 2 other vulnerabilities. |
|
VCID-tnr1-zca1-aaaq
Aliases: CVE-2021-34798 |
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. |
Affected by 2 other vulnerabilities. |
|
VCID-z9au-scjh-aaae
Aliases: CVE-2021-33193 |
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-vxz1-6nus-aaaf | Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released. |
CVE-2021-31618
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T07:45:35.528563+00:00 | Arch Linux Importer | Fixing | VCID-vxz1-6nus-aaaf | https://security.archlinux.org/AVG-2041 | 36.0.0 |
| 2025-03-28T07:45:27.355094+00:00 | Arch Linux Importer | Affected by | VCID-z9au-scjh-aaae | https://security.archlinux.org/AVG-2289 | 36.0.0 |
| 2025-03-28T07:45:27.336388+00:00 | Arch Linux Importer | Affected by | VCID-tnr1-zca1-aaaq | https://security.archlinux.org/AVG-2289 | 36.0.0 |
| 2025-03-28T07:45:27.317601+00:00 | Arch Linux Importer | Affected by | VCID-fccq-2kpj-aaap | https://security.archlinux.org/AVG-2289 | 36.0.0 |
| 2025-03-28T07:45:27.299029+00:00 | Arch Linux Importer | Affected by | VCID-kcnv-z2rj-aaaa | https://security.archlinux.org/AVG-2289 | 36.0.0 |
| 2025-03-28T07:45:27.280464+00:00 | Arch Linux Importer | Affected by | VCID-aruc-3t3r-aaan | https://security.archlinux.org/AVG-2289 | 36.0.0 |
| 2024-09-18T02:00:33.518772+00:00 | Arch Linux Importer | Fixing | VCID-vxz1-6nus-aaaf | https://security.archlinux.org/AVG-2041 | 34.0.1 |
| 2024-09-18T02:00:23.395752+00:00 | Arch Linux Importer | Affected by | VCID-z9au-scjh-aaae | https://security.archlinux.org/AVG-2289 | 34.0.1 |
| 2024-09-18T02:00:23.373170+00:00 | Arch Linux Importer | Affected by | VCID-tnr1-zca1-aaaq | https://security.archlinux.org/AVG-2289 | 34.0.1 |
| 2024-09-18T02:00:23.348804+00:00 | Arch Linux Importer | Affected by | VCID-fccq-2kpj-aaap | https://security.archlinux.org/AVG-2289 | 34.0.1 |
| 2024-09-18T02:00:23.324523+00:00 | Arch Linux Importer | Affected by | VCID-kcnv-z2rj-aaaa | https://security.archlinux.org/AVG-2289 | 34.0.1 |
| 2024-09-18T02:00:23.299363+00:00 | Arch Linux Importer | Affected by | VCID-aruc-3t3r-aaan | https://security.archlinux.org/AVG-2289 | 34.0.1 |
| 2024-04-23T19:47:31.897938+00:00 | Arch Linux Importer | Fixing | VCID-vxz1-6nus-aaaf | https://security.archlinux.org/AVG-2041 | 34.0.0rc4 |
| 2024-01-03T22:26:50.169481+00:00 | Arch Linux Importer | Fixing | VCID-vxz1-6nus-aaaf | https://security.archlinux.org/AVG-2041 | 34.0.0rc1 |
| 2024-01-03T22:26:38.868629+00:00 | Arch Linux Importer | Affected by | VCID-z9au-scjh-aaae | https://security.archlinux.org/AVG-2289 | 34.0.0rc1 |
| 2024-01-03T22:26:38.846810+00:00 | Arch Linux Importer | Affected by | VCID-tnr1-zca1-aaaq | https://security.archlinux.org/AVG-2289 | 34.0.0rc1 |
| 2024-01-03T22:26:38.824792+00:00 | Arch Linux Importer | Affected by | VCID-fccq-2kpj-aaap | https://security.archlinux.org/AVG-2289 | 34.0.0rc1 |
| 2024-01-03T22:26:38.800758+00:00 | Arch Linux Importer | Affected by | VCID-kcnv-z2rj-aaaa | https://security.archlinux.org/AVG-2289 | 34.0.0rc1 |
| 2024-01-03T22:26:38.778817+00:00 | Arch Linux Importer | Affected by | VCID-aruc-3t3r-aaan | https://security.archlinux.org/AVG-2289 | 34.0.0rc1 |