Http Server

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-05	CVE-2021-41773	Path Traversal vulnerability in multiple products A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. network low complexity apache fedoraproject oracle netapp CWE-22	7.5
2021-09-16	CVE-2021-34798	NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. network low complexity apache fedoraproject debian netapp tenable oracle broadcom siemens CWE-476	7.5
2021-09-16	CVE-2021-36160	Out-of-bounds Read vulnerability in multiple products A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). network low complexity apache fedoraproject debian netapp oracle broadcom CWE-125	7.5
2021-09-16	CVE-2021-39275	Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. network low complexity apache fedoraproject debian netapp oracle siemens CWE-787 critical	9.8
2021-09-16	CVE-2021-40438	Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. network high complexity apache fedoraproject debian netapp broadcom f5 oracle siemens tenable CWE-918 critical	9.0
2021-08-16	CVE-2021-33193	A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. network low complexity apache fedoraproject tenable oracle	7.5
2021-06-15	CVE-2021-31618	NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. network low complexity apache fedoraproject debian oracle CWE-476	7.5
2021-06-10	CVE-2019-17567	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. network low complexity apache fedoraproject oracle CWE-444	5.3
2021-06-10	CVE-2020-13938	Missing Authorization vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows local low complexity apache mcafee netapp CWE-862	5.5
2021-06-10	CVE-2020-13950	NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service network low complexity apache debian fedoraproject oracle CWE-476	7.5