Oracle

HTTP Server

103 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2021-2480

  • EPSS 0.52%
  • Veröffentlicht 20.10.2021 11:16:18
  • Zuletzt bearbeitet 21.11.2024 06:03:11

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HT...

7

CVE-2021-41617

  • EPSS 0.37%
  • Veröffentlicht 26.09.2021 19:15:07
  • Zuletzt bearbeitet 21.11.2024 06:26:32

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsC...

7.5

CVE-2021-34798

  • EPSS 11.69%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:11:13

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5

CVE-2021-36160

  • EPSS 4.96%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 01.05.2025 15:40:05

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

9.8

CVE-2021-39275

  • EPSS 46.97%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 01.05.2025 15:39:40

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

9

CVE-2021-40438

Warnung
  • EPSS 94.43%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 16.05.2025 15:27:13

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.1

CVE-2021-35940

  • EPSS 0.06%
  • Veröffentlicht 23.08.2021 10:15:07
  • Zuletzt bearbeitet 21.11.2024 06:12:47

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared t...

5.8

CVE-2021-2315

  • EPSS 0.56%
  • Veröffentlicht 22.04.2021 22:15:17
  • Zuletzt bearbeitet 21.11.2024 06:02:52

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker wi...

7.5

CVE-2020-5360

  • EPSS 1.8%
  • Veröffentlicht 16.12.2020 16:15:14
  • Zuletzt bearbeitet 21.11.2024 05:33:58

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected s...

5.9

CVE-2020-1971

  • EPSS 0.34%
  • Veröffentlicht 08.12.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:45

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...