2.4.8

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-16	CVE-2021-39275	Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. network low complexity apache fedoraproject debian netapp oracle siemens CWE-787 critical	9.8
2021-09-16	CVE-2021-40438	Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. network high complexity apache fedoraproject debian netapp f5 oracle siemens CWE-918 critical	9.0
2021-06-10	CVE-2019-17567	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. network low complexity apache fedoraproject oracle CWE-444	5.3
2020-08-07	CVE-2020-11985	Insufficient Verification of Data Authenticity vulnerability in Apache Http Server IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. network low complexity apache CWE-345	5.3
2020-04-02	CVE-2020-1927	Open Redirect vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. network low complexity apache fedoraproject debian canonical opensuse netapp broadcom oracle CWE-601	6.1
2020-04-01	CVE-2020-1934	Use of Uninitialized Resource vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. network low complexity apache fedoraproject debian canonical opensuse oracle CWE-908	5.3
2019-09-26	CVE-2019-10092	Cross-site Scripting vulnerability in multiple products In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. network low complexity apache opensuse debian redhat fedoraproject canonical netapp oracle CWE-79	6.1
2019-09-25	CVE-2019-10098	Open Redirect vulnerability in Apache Http Server In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. network low complexity apache CWE-601	6.1
2019-06-11	CVE-2019-0220	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. network low complexity apache opensuse debian fedoraproject canonical CWE-706	5.3
2019-04-08	CVE-2019-0217	Race Condition vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. network high complexity apache debian fedoraproject canonical redhat opensuse netapp oracle CWE-362	7.5