Http Server@2.4.33 Security Vulnerabilities and Issues — Http Server@2.4.33 CVE List

Lucene search

ApacheHttp Server2.4.33

4 matches found

CVE•added 2019/09/26 4:15 p.m.•1441 views

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted prox...

7.2CVSS8AI score0.27358EPSS

CVE•added 2018/06/18 6:29 p.m.•1245 views

CVE-2018-1333

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).

7.5CVSS6.3AI score0.16313EPSS

CVE•added 2019/01/30 10:29 p.m.•1091 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

5.3CVSS6.1AI score0.04923EPSS

CVE•added 2018/07/18 2:29 p.m.•338 views

CVE-2018-8011

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).

7.5CVSS7.3AI score0.38968EPSS