CVE-2021-26690

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service...

CVE-2020-13950

Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

CVE-2021-30641

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...

Code injection

Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows...

UBUNTU-CVE-2021-30641

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...

Stack overflow

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

Authentication flaw

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

Null pointer dereference

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service...

CVE-2021-30641

CVE-2021-30641 affects Apache HTTP Server 2.4.39–2.4.46 with unexpected matching behavior when MergeSlashes OFF. Connected sources indicate patched versions: Debian fixes in 2.4.38-based packages, AlmaLinux/RedHat advisories reference a fix in Apache 2.4.51 for supported Check Point versions, and...

CVE-2021-30641 Unexpected URL matching with 'MergeSlashes OFF'

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...

CVE-2021-30641

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...

CVE-2021-26691

CVE-2021-26691 affects Apache HTTP Server, where a crafted SessionHeader can cause a heap overflow in 2.4.0–2.4.46. Several connected advisories indicate that updates have been released (e.g., AlmaLinux/CentOS/Red Hat ecosystems) and that newer Apache HTTP Server versions (e.g., 2.4.51 in Check P...

CVE-2021-26691 Apache HTTP Server mod_session response handling heap overflow

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

CVE-2021-26691

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

CVE-2021-26691

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

CVE-2021-26690 mod_session NULL pointer dereference

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service...

CVE-2021-26690

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service...

CVE-2021-26690

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service...

CVE-2020-35452

The CVE-2020-35452 entry concerns Apache HTTP Server 2.4.0–2.4.46, where a specially crafted Digest nonce can trigger a stack overflow in mod_auth_digest. The description notes there was no reported exploit against Apache at the time, though certain compiler/compile options might enable it with l...

CVE-2020-35452 mod_auth_digest possible stack overflow by one nul byte

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...