purl | pkg:deb/ubuntu/apache2@2.4.29-1ubuntu4.17 |
Next non-vulnerable version | 2.4.41-4ubuntu3.6 |
Latest non-vulnerable version | 2.4.41-4ubuntu3.6 |
Risk | 10.0 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-2dyn-1fxu-aaaa
Aliases: CVE-2020-13950 |
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service |
Affected by 5 other vulnerabilities. |
VCID-38cq-p1jy-aaag
Aliases: CVE-2021-30641 |
Apache HTTP Server versions 2.4.39 to 2.4.46. Unexpected matching behavior with 'MergeSlashes OFF'. |
Affected by 5 other vulnerabilities. |
VCID-6cg8-antz-aaap
Aliases: CVE-2021-26690 |
Apache HTTP Server versions 2.4.0 to 2.4.46. A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial of Service. |
Affected by 5 other vulnerabilities. |
VCID-7n9g-cb8b-aaaa
Aliases: CVE-2020-1934 |
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. |
Affected by 10 other vulnerabilities. |
VCID-9u3h-a9qk-aaab
Aliases: CVE-2019-10098 |
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. |
Affected by 15 other vulnerabilities. |
VCID-aruc-3t3r-aaan
Aliases: CVE-2021-40438 |
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. |
Affected by 0 other vulnerabilities. |
VCID-cspd-eg4d-aaaf
Aliases: CVE-2021-26691 |
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow |
Affected by 5 other vulnerabilities. |
VCID-cwce-397z-aaak
Aliases: CVE-2020-11993 |
Apache HTTP Server versions 2.4.20 to 2.4.43. When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. |
Affected by 10 other vulnerabilities. |
VCID-cwwm-tz2r-aaan
Aliases: CVE-2019-0220 |
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the server's processing will implicitly collapse them. |
Affected by 17 other vulnerabilities. |
VCID-dt6a-dc5k-aaak
Aliases: CVE-2020-11984 |
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE |
Affected by 10 other vulnerabilities. |
VCID-fccq-2kpj-aaap
Aliases: CVE-2021-36160 |
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). |
Affected by 1 other vulnerability. |
VCID-kcnv-z2rj-aaaa
Aliases: CVE-2021-39275 |
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. |
Affected by 1 other vulnerability. |
VCID-ncxa-2sp4-aaam
Aliases: CVE-2019-10092 |
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. |
Affected by 15 other vulnerabilities. |
VCID-qz6b-x9ps-aaae
Aliases: CVE-2020-35452 |
Apache HTTP Server versions 2.4.0 to 2.4.46. A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow. |
Affected by 5 other vulnerabilities. |
VCID-rdww-rdku-aaas
Aliases: CVE-2020-1927 |
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. |
Affected by 10 other vulnerabilities. |
VCID-tnr1-zca1-aaaq
Aliases: CVE-2021-34798 |
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. |
Affected by 1 other vulnerability. |
VCID-ytrc-wygq-aaaf
Aliases: CVE-2020-9490 |
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. |
Affected by 10 other vulnerabilities. |
VCID-z9au-scjh-aaae
Aliases: CVE-2021-33193 |
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. |
Affected by 1 other vulnerability. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |