AVG-2053

Package apache
Status Fixed
Severity Medium
Type multiple issues
Affected 2.4.46-3
Fixed 2.4.47-1
Current 2.4.59-1 [extra]
Ticket None
Created Wed Jun 9 08:19:37 2021
Issue | Severity | Remote | Type | Description
CVE-2021-30641 | Medium | Yes | Incorrect calculation | Apache HTTP Server versions 2.4.39 to 2.4.46 display unexpected matching behavior with 'MergeSlashes OFF'.
CVE-2021-26691 | Low | Yes | Arbitrary code execution | In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted SessionHeader sent by an origin server could cause a heap overflow.
CVE-2021-26690 | Low | Yes | Denial of service | In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash,...
CVE-2020-35452 | Low | Yes | Arbitrary code execution | In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this...
CVE-2020-13950 | Low | Yes | Denial of service | In Apache HTTP Server versions 2.4.41 to 2.4.46, mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both...
CVE-2019-17567 | Medium | Yes | Authentication bypass | In Apache HTTP Server versions 2.4.6 to 2.4.46, mod_proxy_wstunnel configured on a URL that is not necessarily upgraded by the origin server was tunneling...