Http Server@2.4.37 Security Vulnerabilities and Issues — Http Server@2.4.37 CVE List

Lucene search

ApacheHttp Server2.4.37

4 matches found

CVE•added 2019/09/26 4:15 p.m.•1441 views

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted prox...

7.2CVSS8AI score0.27358EPSS

CVE•added 2019/04/08 8:29 p.m.•1322 views

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.

7.5CVSS6AI score0.06007EPSS

CVE•added 2019/01/30 10:29 p.m.•1091 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

5.3CVSS6.1AI score0.04923EPSS

CVE•added 2019/01/30 10:29 p.m.•467 views

CVE-2019-0190

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or ...

7.5CVSS7.1AI score0.22248EPSS