Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2021-07-13 CVE-2021-36090 When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache oracle netapp
7.5
7.5
2021-07-12 CVE-2021-30639 Improper Handling of Exceptional Conditions vulnerability in multiple products
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service.
network
low complexity
apache mcafee oracle CWE-755
7.5
7.5
2021-06-30 CVE-2021-32566 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-06-30 CVE-2021-32567 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-06-29 CVE-2021-27577 HTTP Request Smuggling vulnerability in multiple products
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache.
network
low complexity
apache debian CWE-444
7.5
7.5
2021-06-29 CVE-2021-32565 HTTP Request Smuggling vulnerability in multiple products
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-444
7.5
7.5
2021-06-16 CVE-2021-30468 Infinite Loop vulnerability in multiple products
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely.
network
low complexity
apache oracle CWE-835
7.5
7.5
2021-06-16 CVE-2021-33813 XXE vulnerability in multiple products
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
network
low complexity
jdom apache debian fedoraproject oracle CWE-611
7.5
7.5
2021-06-15 CVE-2021-31618 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well.
network
low complexity
apache fedoraproject debian oracle CWE-476
7.5
7.5
2021-06-10 CVE-2020-13950 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
network
low complexity
apache debian fedoraproject oracle CWE-476
7.5
7.5