CVE-2020-11985

IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...

Spoofing

IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

Information disclosure

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

CVE-2020-11984

Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE...

Information disclosure

Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE...

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

CVE-2020-11985

CVE-2020-11985 – Apache HTTP Server spoofing via proxying with mod_remoteip and mod_rewrite is documented in the initial CVE entry and corroborated by connected sources. Affected behavior: an attacker could spoof their IP address for logs and PHP scripts when proxying through mod_remoteip with ce...

CVE-2020-11985

IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

CVE-2020-11993

CVE-2020-11993 affects Apache HTTP Server 2.4.20–2.4.43: when trace/debug is enabled for the HTTP/2 module and certain traffic patterns, logging can be performed on the wrong connection, leading to concurrent use of memory pools. Mitigation in public advisories: set LogLevel for mod_http2 above i...

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

CVE-2020-11984

Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE...

CVE-2020-11984

Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE...

CVE-2020-9490

CVE-2020-9490 affects Apache HTTP Server versions 2.4.20–2.4.43. A specially crafted value for the Cache-Digest header in an HTTP/2 request could cause a crash when the server subsequently attempts to HTTP/2 PUSH a resource. Mitigation for unpatched servers is to disable HTTP/2 PUSH via H2Push of...

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

CVE-2020-11984 — Multiple Vulnerabilities in Apache Web Server Could Allow for Remote Code Execution

Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE Recent assessments: dabdine-r7 at August 26, 2020 8:06pm UTC reported: The details for this vulnerability were scant from Apache, but this is actually an integer overflow in the modproxyuwsgi Apache module...

PT-2020-4627

Name of the Vulnerable Software and Affected Versions Apache HTTP server versions 2.4.32 through 2.4.44 Description The issue is related to a buffer copy without checking the size of the input data in the mod proxy uwsgi module of the Apache HTTP Server. This can allow a remote attacker to gain...

PT-2020-5444 · Apache +6 · Apache Http Server +6

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.20 through 2.4.43 Description: The issue is related to the implementation of the HTTP/2 mechanism in the Apache HTTP Server, which is associated with inconsistent interpretation of HTTP requests. This can allow...