Vulnerabilities > Apache > Http Server > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-01 | CVE-2020-1934 | Use of Uninitialized Resource vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | 5.3 |
2019-09-26 | CVE-2019-10092 | Cross-site Scripting vulnerability in multiple products In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. | 6.1 |
2019-09-25 | CVE-2019-10098 | Open Redirect vulnerability in Apache Http Server In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. | 6.1 |
2019-06-11 | CVE-2019-0197 | HTTP Request Smuggling vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. | 4.2 |
2019-06-11 | CVE-2019-0196 | Use After Free vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. | 5.3 |
2019-06-11 | CVE-2019-0220 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. | 5.3 |
2019-01-30 | CVE-2018-17189 | Resource Exhaustion vulnerability in multiple products In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. | 5.3 |
2018-09-25 | CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. | 5.9 |
2018-08-14 | CVE-2016-4975 | CRLF Injection vulnerability in Apache Http Server Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. | 6.1 |
2018-07-26 | CVE-2017-12171 | A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. | 6.5 |