CVE-2021-30641 |
Medium |
Yes |
Incorrect calculation |
Apache HTTP Server versions 2.4.39 to 2.4.46 displays unexpected matching behavior with 'MergeSlashes OFF'. |
CVE-2021-26691 |
Low |
Yes |
Arbitrary code execution |
In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted SessionHeader sent by an origin server could cause a heap overflow. |
CVE-2021-26690 |
Low |
Yes |
Denial of service |
In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash,... |
CVE-2020-35452 |
Low |
Yes |
Arbitrary code execution |
In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this... |
CVE-2020-13950 |
Low |
Yes |
Denial of service |
In Apache HTTP Server versions 2.4.41 to 2.4.46, mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both... |
CVE-2019-17567 |
Medium |
Yes |
Authentication bypass |
In Apache HTTP Server versions 2.4.6 to 2.4.46, mod_proxy_wstunnel configured on an URL that is not necessarily upgraded by the origin server was tunneling... |