Lucene search
K
ApacheHttp Server2.4.46

7 matches found

CVE
CVE
added 2021/06/10 7:10 a.m.7473 views

CVE-2021-26691

CVE-2021-26691 affects Apache HTTP Server, where a crafted SessionHeader can cause a heap overflow in 2.4.0–2.4.46. Several connected advisories indicate that updates have been released (e.g., AlmaLinux/CentOS/Red Hat ecosystems) and that newer Apache HTTP Server versions (e.g., 2.4.51 in Check P...

9.8CVSS9.2AI score0.68067EPSS
CVE
CVE
added 2021/06/10 7:10 a.m.2540 views

CVE-2020-35452

The CVE-2020-35452 entry concerns Apache HTTP Server 2.4.0–2.4.46, where a specially crafted Digest nonce can trigger a stack overflow in mod_auth_digest. The description notes there was no reported exploit against Apache at the time, though certain compiler/compile options might enable it with l...

7.3CVSS8.5AI score0.53191EPSS
CVE
CVE
added 2021/06/10 7:10 a.m.2051 views

CVE-2021-26690

CVE-2021-26690 affects Apache HTTP Server 2.4.0–2.4.46 due to a NULL pointer dereference in mod_session when parsing a crafted Cookie header, leading to Denial of Service. Public advisories and vendor pages confirm a patch exists in newer httpd releases (e.g., 2.4.46+/2.4.51 in various distributi...

7.5CVSS8.6AI score0.65067EPSS
CVE
CVE
added 2021/06/10 7:10 a.m.1796 views

CVE-2019-17567

CVE-2019-17567 affects Apache HTTP Server 2.4.x where mod_proxy_wstunnel on a URL not guaranteed to be upgraded by the origin server tunnels the entire connection, allowing subsequent requests on the same TCP connection to bypass HTTP validation, authentication, or authorization. Public reference...

5.3CVSS7AI score0.60266EPSS
CVE
CVE
added 2021/06/10 7:10 a.m.1232 views

CVE-2021-30641

CVE-2021-30641 affects Apache HTTP Server 2.4.39–2.4.46 with unexpected matching behavior when MergeSlashes OFF. Connected sources indicate patched versions: Debian fixes in 2.4.38-based packages, AlmaLinux/RedHat advisories reference a fix in Apache 2.4.51 for supported Check Point versions, and...

5.3CVSS7.5AI score0.52331EPSS
CVE
CVE
added 2021/06/10 7:10 a.m.1215 views

CVE-2020-13950

CVE-2020-13950 affects Apache HTTP Server (httpd) mod_proxy_http, with versions 2.4.41–2.4.46 vulnerable to a NULL pointer dereference triggered by specially crafted requests using both Content-Length and Transfer-Encoding headers, causing Denial of Service. Connected documents confirm impact as ...

7.5CVSS8.4AI score0.49089EPSS
CVE
CVE
added 2021/06/10 7:10 a.m.957 views

CVE-2020-13938

CVE-2020-13938 affects Apache HTTP Server 2.4.0–2.4.46. The vulnerability allows unprivileged local users to stop the httpd service on Windows. The connected sources confirm the affected product family and the local-access impact, with public advisories referencing Microsoft Windows behavior and ...

5.5CVSS6.6AI score0.11773EPSS
In wild