Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-10 | CVE-2019-17567 | Http Request Smuggling vulnerability in Apache Http Server Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. | 5.0 |
| 2021-06-10 | CVE-2020-13938 | Missing Authorization vulnerability in Apache Http Server Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | 2.1 |
| 2021-06-10 | CVE-2020-13950 | Null Pointer Dereference vulnerability in Apache Http Server 2.4.41/2.4.43/2.4.44 Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service | 5.0 |
| 2021-06-10 | CVE-2020-35452 | Out-Of-Bounds Write vulnerability in Apache Http Server Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. | 6.8 |
| 2021-06-01 | CVE-2021-25640 | Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. | 5.8 |
| 2021-06-01 | CVE-2021-25641 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. | 7.5 |
| 2021-06-01 | CVE-2021-30179 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. | 7.5 |
| 2021-06-01 | CVE-2021-30180 | Http Request Smuggling vulnerability in Apache Dubbo Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. | 6.8 |
| 2021-06-01 | CVE-2021-30181 | Unspecified vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. | 7.5 |
| 2021-05-27 | CVE-2020-17514 | Unspecified vulnerability in Apache Fineract Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. network apache | 5.8 |