Http Server@2.4.19 Security Vulnerabilities and Issues — Http Server@2.4.19 CVE List

Lucene search

ApacheHttp Server2.4.19

4 matches found

CVE•added 2017/07/27 9:29 p.m.•1727 views

CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding orac...

7.5CVSS7.5AI score0.1859EPSS

CVE•added 2017/07/27 9:29 p.m.•1641 views

CVE-2016-2161

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.

7.5CVSS7.5AI score0.33001EPSS

CVE•added 2016/07/06 2:59 p.m.•591 views

CVE-2016-4979

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple...

7.5CVSS7.5AI score0.44542EPSS

CVE•added 2016/12/05 7:59 p.m.•548 views

CVE-2016-8740

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.

7.5CVSS7.2AI score0.71553EPSS