2.2.10

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-14	CVE-2022-22719	Improper Initialization vulnerability in multiple products A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. network low complexity apache debian fedoraproject oracle apple CWE-665	7.5
2022-03-14	CVE-2022-22720	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling network low complexity apache fedoraproject debian oracle apple CWE-444 critical	9.8
2022-03-14	CVE-2022-22721	Integer Overflow or Wraparound vulnerability in multiple products If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. network low complexity apache fedoraproject debian oracle apple CWE-190 critical	9.1
2021-12-20	CVE-2021-44790	A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). network low complexity apache fedoraproject debian tenable netapp oracle apple critical	9.8
2021-09-16	CVE-2021-34798	NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. network low complexity apache fedoraproject debian netapp tenable oracle broadcom siemens CWE-476	7.5
2021-09-16	CVE-2021-39275	Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. network low complexity apache fedoraproject debian netapp oracle siemens CWE-787 critical	9.8
2021-09-16	CVE-2021-40438	Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. network high complexity apache fedoraproject debian netapp broadcom f5 oracle siemens tenable CWE-918 critical	9.0
2018-08-14	CVE-2016-4975	CRLF Injection vulnerability in Apache Http Server Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. network low complexity apache CWE-93	6.1
2018-03-26	CVE-2018-1303	Out-of-bounds Read vulnerability in multiple products A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. network low complexity apache debian canonical netapp CWE-125	7.5
2018-03-26	CVE-2018-1302	NULL Pointer Dereference vulnerability in multiple products When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. network high complexity apache canonical netapp CWE-476	5.9