Vulnerabilities > Apache > Http Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-1934 Use of Uninitialized Resource vulnerability in multiple products
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
5.3
2019-09-26 CVE-2019-10092 Cross-site Scripting vulnerability in multiple products
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page.
6.1
2019-09-25 CVE-2019-10098 Open Redirect vulnerability in Apache Http Server
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
network
low complexity
apache CWE-601
6.1
2019-06-11 CVE-2019-0197 HTTP Request Smuggling vulnerability in multiple products
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38.
4.2
2019-06-11 CVE-2019-0196 Use After Free vulnerability in multiple products
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38.
network
low complexity
apache canonical debian CWE-416
5.3
2019-06-11 CVE-2019-0220 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38.
5.3
2019-01-30 CVE-2018-17189 Resource Exhaustion vulnerability in multiple products
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data.
5.3
2018-09-25 CVE-2018-11763 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect.
network
high complexity
apache canonical redhat oracle netapp
5.9
2018-08-14 CVE-2016-4975 CRLF Injection vulnerability in Apache Http Server
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir.
network
low complexity
apache CWE-93
6.1
2018-07-26 CVE-2017-12171 A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly.
network
low complexity
redhat apache
6.5