Lucene search
K
ApacheHttp Server2.4.39

5 matches found

CVE
CVE
added 2019/09/25 4:39 p.m.3668 views

CVE-2019-10098

Apache httpd (2.4.0–2.4.39) is affected by CVE-2019-10098 via mod_rewrite: self-referential redirects can be fooled by encoded newlines, causing redirects to an unexpected URL. Connected advisories confirm affected versions and that exploitation could enable phishing via redirects. Mitigation is ...

6.1CVSS7.7AI score0.73981EPSS
Web
CVE
CVE
added 2019/09/26 2:40 p.m.3491 views

CVE-2019-10082

CVE-2019-10082 affects Apache HTTP Server 2.4.18–2.4.39, where fuzzed network input could cause read-after-free in http/2 session shutdown. Impact: remote, unauthenticated triggering memory faults in httpd workers, enabling potential DoS and other consequences. Connected sources indicate remediat...

9.1CVSS8.9AI score0.16549EPSS
CVE
CVE
added 2019/09/26 2:7 p.m.3424 views

CVE-2019-10092

The CVE-2019-10092 entry concerns Apache HTTP Server 2.4.0–2.4.39 with a limited cross-site scripting in the mod_proxy error page. The vulnerability lets an attacker craft a link on the error page that could mislead users by pointing to a page of the attacker’s choosing, but exploitation requires...

6.1CVSS7.3AI score0.81466EPSS
CVE
CVE
added 2019/08/15 9:2 p.m.1870 views

CVE-2019-10081

CVE-2019-10081 affects Apache httpd's HTTP/2 implementation (mod_http2) where very early pushes can overwrite memory in the pushing request’s pool, causing crashes. The vulnerable facet is the handling of push headers (not client data) and memory being copied from the configured push link header ...

7.5CVSS8.1AI score0.14563EPSS
CVE
CVE
added 2021/06/10 7:10 a.m.1232 views

CVE-2021-30641

CVE-2021-30641 affects Apache HTTP Server 2.4.39–2.4.46 with unexpected matching behavior when MergeSlashes OFF. Connected sources indicate patched versions: Debian fixes in 2.4.38-based packages, AlmaLinux/RedHat advisories reference a fix in Apache 2.4.51 for supported Check Point versions, and...

5.3CVSS7.5AI score0.52331EPSS