Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2021-06-10 CVE-2019-17567 Http Request Smuggling vulnerability in Apache Http Server
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
network
low complexity
apache CWE-444
5.0
2021-06-10 CVE-2020-13938 Missing Authorization vulnerability in Apache Http Server
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
local
low complexity
apache CWE-862
2.1
2021-06-10 CVE-2020-13950 Null Pointer Dereference vulnerability in Apache Http Server 2.4.41/2.4.43/2.4.44
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
network
low complexity
apache CWE-476
5.0
2021-06-10 CVE-2020-35452 Out-Of-Bounds Write vulnerability in Apache Http Server
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest.
network
apache CWE-787
6.8
2021-06-01 CVE-2021-25640 Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.
network
apache CWE-918
5.8
2021-06-01 CVE-2021-25641 Deserialization of Untrusted Data vulnerability in Apache Dubbo
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on.
network
low complexity
apache CWE-502
7.5
2021-06-01 CVE-2021-30179 Deserialization of Untrusted Data vulnerability in Apache Dubbo
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces.
network
low complexity
apache CWE-502
7.5
2021-06-01 CVE-2021-30180 Http Request Smuggling vulnerability in Apache Dubbo
Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server.
network
apache CWE-444
6.8
2021-06-01 CVE-2021-30181 Unspecified vulnerability in Apache Dubbo
Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server.
network
low complexity
apache
7.5
2021-05-27 CVE-2020-17514 Unspecified vulnerability in Apache Fineract
Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method.
network
apache
5.8