2.4.19

DATE	CVE	VULNERABILITY TITLE	RISK
2019-06-11	CVE-2019-0220	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. network low complexity apache opensuse debian fedoraproject canonical CWE-706	5.3
2019-04-08	CVE-2019-0211	Use After Free vulnerability in multiple products In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. local low complexity apache fedoraproject canonical debian opensuse netapp redhat oracle CWE-416	7.8
2019-04-08	CVE-2019-0217	Race Condition vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. network high complexity apache debian fedoraproject canonical redhat opensuse netapp oracle CWE-362	7.5
2019-01-30	CVE-2018-17199	Session Fixation vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. network low complexity apache debian netapp canonical oracle CWE-384	7.5
2018-09-25	CVE-2018-11763	In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. network high complexity apache canonical redhat oracle netapp	5.9
2018-06-18	CVE-2018-1333	Resource Exhaustion vulnerability in multiple products By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. network low complexity apache redhat canonical netapp CWE-400	7.5
2018-03-26	CVE-2018-1303	Out-of-bounds Read vulnerability in multiple products A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. network low complexity apache debian canonical netapp CWE-125	7.5
2018-03-26	CVE-2018-1302	NULL Pointer Dereference vulnerability in multiple products When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. network high complexity apache canonical netapp CWE-476	5.9
2018-03-26	CVE-2018-1301	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. network high complexity apache debian canonical netapp redhat CWE-119	5.9
2018-03-26	CVE-2018-1283	In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. network high complexity apache debian canonical netapp redhat	5.3