11634 matches found

Cvelist
added 2021/06/10 7:10 a.m., 204 views

CVE-2021-26690 mod_session NULL pointer dereference

Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service...

AI score: 8.7, EPSS: 0.65067
Exploits: 0, References: 12
CVE
added 2021/06/10 7:10 a.m., 2048 views

CVE-2021-26690

CVE-2021-26690 affects Apache HTTP Server 2.4.0–2.4.46 due to a NULL pointer dereference in mod_session when parsing a crafted Cookie header, leading to Denial of Service. Public advisories and vendor pages confirm a patch exists in newer httpd releases (e.g., 2.4.46+/2.4.51 in various distributi...

CVSS: 7.5, AI score: 8.6, EPSS: 0.65067
Exploits: 0, References: 12, Affected Software: 1
AlpineLinux
added 2021/06/10 7:10 a.m., 46 views

CVE-2020-13950

Apache HTTP Server versions 2.4.41 to 2.4.46: mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

CVSS: 7.5, AI score: 8.6, EPSS: 0.49089
Exploits: 0
AlpineLinux
added 2021/06/10 7:10 a.m., 61 views

CVE-2020-35452

Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

CVSS: 7.3, AI score: 8.7, EPSS: 0.53191
Exploits: 0
Debian CVE
added 2021/06/10 7:10 a.m., 45 views

CVE-2020-13950

Apache HTTP Server versions 2.4.41 to 2.4.46: mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

CVSS: 7.5, AI score: 7.5, EPSS: 0.49089
Exploits: 0
CVE
added 2021/06/10 7:10 a.m., 1213 views

CVE-2020-13950

CVE-2020-13950 affects Apache HTTP Server (httpd) mod_proxy_http, with versions 2.4.41–2.4.46 vulnerable to a NULL pointer dereference triggered by specially crafted requests using both Content-Length and Transfer-Encoding headers, causing Denial of Service. Connected documents confirm impact as ...

CVSS: 7.5, AI score: 8.4, EPSS: 0.49089
Exploits: 0, References: 10, Affected Software: 1
Debian CVE
added 2021/06/10 7:10 a.m., 47 views

CVE-2020-35452

Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

CVSS: 7.3, AI score: 7, EPSS: 0.53191
Exploits: 0
Cvelist
added 2021/06/10 7:10 a.m., 144 views

CVE-2020-35452 mod_auth_digest possible stack overflow by one nul byte

Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

AI score: 8.5, EPSS: 0.53191
Exploits: 0, References: 12
EUVD
added 2021/06/10 7:10 a.m., 3 views

EUVD-2020-23126

Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

CVSS: 7.3, AI score: 7.1, EPSS: 0.53191
Exploits: 0, References: 21
CVE
added 2021/06/10 7:10 a.m., 2532 views

CVE-2020-35452

The CVE-2020-35452 entry concerns Apache HTTP Server 2.4.0–2.4.46, where a specially crafted Digest nonce can trigger a stack overflow in mod_auth_digest. The description notes there was no reported exploit against Apache at the time, though certain compiler/compile options might enable it with l...

CVSS: 7.3, AI score: 8.5, EPSS: 0.53191
Exploits: 0, References: 12, Affected Software: 1
Cvelist
added 2021/06/10 7:10 a.m., 175 views

CVE-2020-13950 mod_proxy_http NULL pointer dereference

Apache HTTP Server versions 2.4.41 to 2.4.46: mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

AI score: 8.4, EPSS: 0.49089
Exploits: 0, References: 10
AlpineLinux
added 2021/06/10 7:10 a.m., 30 views

CVE-2020-13938

Apache HTTP Server versions 2.4.0 to 2.4.46: Unprivileged local users can stop httpd on Windows...

CVSS: 5.5, AI score: 6.4, EPSS: 0.11773
Exploits: 0
Debian CVE
added 2021/06/10 7:10 a.m., 35 views

CVE-2020-13938

Apache HTTP Server versions 2.4.0 to 2.4.46: Unprivileged local users can stop httpd on Windows...

CVSS: 5.5, AI score: 6.3, EPSS: 0.11773
Exploits: 0
CVE
added 2021/06/10 7:10 a.m., 956 views

CVE-2020-13938

CVE-2020-13938 affects Apache HTTP Server 2.4.0–2.4.46. The vulnerability allows unprivileged local users to stop the httpd service on Windows. The connected sources confirm the affected product family and the local-access impact, with public advisories referencing Microsoft Windows behavior and ...

CVSS: 5.5, AI score: 6.6, EPSS: 0.11773
In wild, Exploits: 0, References: 7, Affected Software: 1
Cvelist
added 2021/06/10 7:10 a.m., 68 views

CVE-2020-13938 Improper Handling of Insufficient Privileges

Apache HTTP Server versions 2.4.0 to 2.4.46: Unprivileged local users can stop httpd on Windows...

AI score: 6.6, EPSS: 0.11773
Exploits: 0, References: 7
CVE
added 2021/06/10 7:10 a.m., 1789 views

CVE-2019-17567

CVE-2019-17567 affects Apache HTTP Server 2.4.x where mod_proxy_wstunnel on a URL not guaranteed to be upgraded by the origin server tunnels the entire connection, allowing subsequent requests on the same TCP connection to bypass HTTP validation, authentication, or authorization. Public reference...

CVSS: 5.3, AI score: 7, EPSS: 0.60266
Exploits: 0, References: 11, Affected Software: 1
Cvelist
added 2021/06/10 7:10 a.m., 72 views

CVE-2019-17567 mod_proxy_wstunnel tunneling of non Upgraded connections

Apache HTTP Server versions 2.4.6 to 2.4.46: mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

AI score: 7.4, EPSS: 0.60266
Exploits: 0, References: 11
Debian CVE
added 2021/06/10 7:10 a.m., 46 views

CVE-2019-17567

Apache HTTP Server versions 2.4.6 to 2.4.46: mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

CVSS: 5.3, AI score: 6.7, EPSS: 0.60266
Exploits: 0
Tenable Nessus
added 2021/06/10 12:00 a.m., 50 views

SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2020:14398-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14398-1 advisory. - Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u241, 8u231,...

CVSS: 8.3, AI score: 6.5, EPSS: 0.0623
Exploits: 0, References: 19
OpenVAS
added 2021/06/10 12:00 a.m., 33 views

Apache HTTP Server 2.4.39 - 2.4.46 Unexpected URL Matching Vulnerability - Windows

Apache HTTP Server is prone to an unexpected URL matching vulnerability.

CVSS: 5.3, AI score: 6.6, EPSS: 0.52331
Exploits: 0, References: 1