Log

CVE-2020-35452 edited at 09 Jun 2021 08:12:27
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452
CVE-2020-13950 edited at 09 Jun 2021 08:11:41
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ In Apache HTTP Server versions 2.4.41 to 2.4.46, mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950
CVE-2019-17567 edited at 09 Jun 2021 08:10:55
Description
- Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
+ In Apache HTTP Server versions 2.4.6 to 2.4.46, mod_proxy_wstunnel configured on an URL that is not necessarily upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
CVE-2020-13938 edited at 09 Jun 2021 08:10:40
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ In Apache HTTP Server versions 2.4.0 to 2.4.46, unprivileged local users can stop httpd on Windows.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13938
CVE-2019-17567 edited at 09 Jun 2021 08:09:41
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Authentication bypass
Description
+ Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-17567
AVG-2041 edited at 09 Jun 2021 08:07:45
Issues
+ CVE-2019-17567
+ CVE-2020-13938
+ CVE-2020-13950
+ CVE-2020-35452
+ CVE-2021-26690
+ CVE-2021-26691
+ CVE-2021-30641
CVE-2021-31618
CVE-2020-35452 created at 09 Jun 2021 08:07:45
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2041 edited at 09 Jun 2021 08:07:45
Issues
+ CVE-2019-17567
+ CVE-2020-13938
+ CVE-2020-13950
+ CVE-2020-35452
+ CVE-2021-26690
+ CVE-2021-26691
+ CVE-2021-30641
CVE-2021-31618
CVE-2021-26690 created at 09 Jun 2021 08:07:45
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2041 edited at 09 Jun 2021 08:07:45
Issues
+ CVE-2019-17567
+ CVE-2020-13938
+ CVE-2020-13950
+ CVE-2020-35452
+ CVE-2021-26690
+ CVE-2021-26691
+ CVE-2021-30641
CVE-2021-31618
CVE-2021-30641 created at 09 Jun 2021 08:07:45
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2041 edited at 09 Jun 2021 08:07:45
Issues
+ CVE-2019-17567
+ CVE-2020-13938
+ CVE-2020-13950
+ CVE-2020-35452
+ CVE-2021-26690
+ CVE-2021-26691
+ CVE-2021-30641
CVE-2021-31618
CVE-2020-13950 created at 09 Jun 2021 08:07:45
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2041 edited at 09 Jun 2021 08:07:45
Issues
+ CVE-2019-17567
+ CVE-2020-13938
+ CVE-2020-13950
+ CVE-2020-35452
+ CVE-2021-26690
+ CVE-2021-26691
+ CVE-2021-30641
CVE-2021-31618
CVE-2020-13938 created at 09 Jun 2021 08:07:45
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes