Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2021-06-12 CVE-2021-31812 Infinite Loop vulnerability in multiple products
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file.
local
low complexity
apache fedoraproject oracle CWE-835
5.5
5.5
2021-06-10 CVE-2019-17567 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
network
low complexity
apache fedoraproject oracle CWE-444
5.3
5.3
2021-06-10 CVE-2020-13938 Missing Authorization vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
local
low complexity
apache mcafee netapp CWE-862
5.5
5.5
2021-06-10 CVE-2020-13950 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
network
low complexity
apache debian fedoraproject oracle CWE-476
7.5
7.5
2021-06-10 CVE-2020-35452 Out-of-bounds Write vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest.
network
low complexity
apache debian fedoraproject oracle CWE-787
7.3
7.3
2021-06-10 CVE-2021-26690 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
network
low complexity
apache debian fedoraproject oracle CWE-476
7.5
7.5
2021-06-10 CVE-2021-26691 Out-of-bounds Write vulnerability in multiple products
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
network
low complexity
apache debian fedoraproject oracle netapp CWE-787
critical
 9.8
9.8
2021-06-10 CVE-2021-30641 Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
network
low complexity
apache debian fedoraproject oracle
5.3
5.3
2021-06-08 CVE-2021-33190 Improper Restriction of Excessive Authentication Attempts vulnerability in Apache Apisix Dashboard 2.6
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access.
network
low complexity
apache CWE-307
5.3
5.3
2021-06-07 CVE-2021-29621 Information Exposure Through Discrepancy vulnerability in multiple products
Flask-AppBuilder is a development framework, built on top of Flask.
network
low complexity
flask-appbuilder-project apache CWE-203
5.3
5.3