5 matches found
CVE-2019-10098
Apache httpd (2.4.0–2.4.39) is affected by CVE-2019-10098 via mod_rewrite: self-referential redirects can be fooled by encoded newlines, causing redirects to an unexpected URL. Connected advisories confirm affected versions and that exploitation could enable phishing via redirects. Mitigation is ...
CVE-2019-10082
CVE-2019-10082 affects Apache HTTP Server 2.4.18–2.4.39, where fuzzed network input could cause read-after-free in http/2 session shutdown. Impact: remote, unauthenticated triggering memory faults in httpd workers, enabling potential DoS and other consequences. Connected sources indicate remediat...
CVE-2019-10092
The CVE-2019-10092 entry concerns Apache HTTP Server 2.4.0–2.4.39 with a limited cross-site scripting in the mod_proxy error page. The vulnerability lets an attacker craft a link on the error page that could mislead users by pointing to a page of the attacker’s choosing, but exploitation requires...
CVE-2019-10081
CVE-2019-10081 affects Apache httpd's HTTP/2 implementation (mod_http2) where very early pushes can overwrite memory in the pushing request’s pool, causing crashes. The vulnerable facet is the handling of push headers (not client data) and memory being copied from the configured push link header ...
CVE-2021-30641
CVE-2021-30641 affects Apache HTTP Server 2.4.39–2.4.46 with unexpected matching behavior when MergeSlashes OFF. Connected sources indicate patched versions: Debian fixes in 2.4.38-based packages, AlmaLinux/RedHat advisories reference a fix in Apache 2.4.51 for supported Check Point versions, and...