Vulnerabilities > Apache > Http Server > 2.4.27
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-16 | CVE-2021-39275 | Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. | 9.8 |
2021-09-16 | CVE-2021-40438 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. | 9.0 |
2021-08-16 | CVE-2021-33193 | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. | 7.5 |
2021-06-10 | CVE-2019-17567 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. | 5.3 |
2021-06-10 | CVE-2020-13938 | Missing Authorization vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | 5.5 |
2021-06-10 | CVE-2020-35452 | Out-of-bounds Write vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. | 7.3 |
2021-06-10 | CVE-2021-26690 | NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service | 7.5 |
2021-06-10 | CVE-2021-26691 | Out-of-bounds Write vulnerability in multiple products In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | 9.8 |
2020-08-07 | CVE-2020-9490 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. | 7.5 |
2020-08-07 | CVE-2020-11993 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. | 7.5 |