2.4.38

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-01	CVE-2020-1934	Use of Uninitialized Resource vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. network low complexity apache fedoraproject debian canonical opensuse oracle CWE-908	5.3
2019-09-26	CVE-2019-10097	NULL Pointer Dereference vulnerability in multiple products In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. network low complexity apache oracle CWE-476	7.2
2019-09-26	CVE-2019-10092	Cross-site Scripting vulnerability in multiple products In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. network low complexity apache opensuse debian redhat fedoraproject canonical netapp oracle CWE-79	6.1
2019-09-26	CVE-2019-10082	Use After Free vulnerability in multiple products In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. network low complexity apache oracle CWE-416 critical	9.1
2019-09-25	CVE-2019-10098	Open Redirect vulnerability in Apache Http Server In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. network low complexity apache CWE-601	6.1
2019-08-15	CVE-2019-10081	Out-of-bounds Write vulnerability in multiple products HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. network low complexity apache debian CWE-787	7.5
2019-08-13	CVE-2019-9517	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee netapp nodejs CWE-770	7.5
2019-06-11	CVE-2019-0197	HTTP Request Smuggling vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. network high complexity apache canonical fedoraproject opensuse redhat oracle CWE-444	4.2
2019-06-11	CVE-2019-0196	Use After Free vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. network low complexity apache canonical debian CWE-416	5.3
2019-06-11	CVE-2019-0220	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. network low complexity apache opensuse debian fedoraproject canonical CWE-706	5.3