| CVE-2019-0220 |
Low |
Yes |
Access restriction bypass |
A security issue has been found in Apache HTTPd 2.4.x before 2.4.39. When the path component of a request URL contains multiple consecutive slashes ('/'),... |
| CVE-2019-0217 |
High |
Yes |
Access restriction bypass |
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid... |
| CVE-2019-0215 |
High |
Yes |
Access restriction bypass |
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client... |
| CVE-2019-0211 |
Critical |
Yes |
Privilege escalation |
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads... |
| CVE-2019-0197 |
Medium |
Yes |
Denial of service |
An issue has been found in Apache HTTPd >= 2.4.34 and <= 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host,... |
| CVE-2019-0196 |
Medium |
Yes |
Denial of service |
A use-after-free issue has been found in the http/2 request handling code of Apache HTTPd <= 2.4.18 and <= 2.4.38. Using crafted network input, the http/2... |