Apache

HTTP Server

330 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 73.98%
  • Veröffentlicht 25.09.2019 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:18:24

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

Exploit
  • EPSS 14.56%
  • Veröffentlicht 15.08.2019 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:21

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header value...

  • EPSS 27%
  • Veröffentlicht 13.08.2019 21:15:12
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so...

  • EPSS 8.44%
  • Veröffentlicht 11.06.2019 22:29:04
  • Zuletzt bearbeitet 21.11.2024 04:16:27

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection cou...

  • EPSS 19.3%
  • Veröffentlicht 11.06.2019 22:29:03
  • Zuletzt bearbeitet 21.11.2024 04:16:27

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request ...

  • EPSS 17.86%
  • Veröffentlicht 11.06.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:16:31

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions...

Warnung Exploit
  • EPSS 65.01%
  • Veröffentlicht 08.04.2019 22:29:00
  • Zuletzt bearbeitet 27.10.2025 17:37:51

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with...

  • EPSS 17.67%
  • Veröffentlicht 08.04.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:16:30

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictio...

  • EPSS 10.51%
  • Veröffentlicht 08.04.2019 20:29:10
  • Zuletzt bearbeitet 21.11.2024 04:16:30

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.

  • EPSS 19.4%
  • Veröffentlicht 30.01.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:54:03

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_htt...