Vulnerabilities > Apache > Http Server > 2.4.25
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-20 | CVE-2017-7679 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Http Server In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. | 9.8 |
| 2017-06-20 | CVE-2017-7668 | Out-of-bounds Read vulnerability in multiple products The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. | 7.5 |
| 2017-06-20 | CVE-2017-3169 | NULL Pointer Dereference vulnerability in Apache Http Server In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. | 9.8 |
| 2017-06-20 | CVE-2017-3167 | Improper Authentication vulnerability in multiple products In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | 9.8 |