CVE-2021-40438 |
High |
Yes |
Url request injection |
In Apache HTTP Server before version 2.4.49, a crafted request uri- path can cause mod_proxy to forward the request to an origin server choosen by the remote user. |
CVE-2021-39275 |
Low |
Yes |
Arbitrary code execution |
In Apache HTTP Server before version 2.4.49, ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass... |
CVE-2021-36160 |
Medium |
Yes |
Denial of service |
In Apache HTTP Server before version 2.4.49, a carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash... |
CVE-2021-34798 |
Medium |
Yes |
Denial of service |
Malformed requests may cause Apache HTTP Server before version 2.4.49 to dereference a NULL pointer, resulting in denial of service. |
CVE-2021-33193 |
Medium |
Yes |
Url request injection |
In Apache HTTP Server before version 2.4.49, a crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to... |