rpm package
opensuse/apache2&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/apache2&distro=openSUSE%20Leap%2015.3
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-26691 | — | < 2.4.43-3.22.1 | 2.4.43-3.22.1 | Jun 10, 2021 | In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | ||
| CVE-2021-26690 | — | < 2.4.43-3.22.1 | 2.4.43-3.22.1 | Jun 10, 2021 | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service | ||
| CVE-2020-35452 | — | < 2.4.43-3.22.1 | 2.4.43-3.22.1 | Jun 10, 2021 | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation | ||
| CVE-2020-13950 | — | < 2.4.43-3.22.1 | 2.4.43-3.22.1 | Jun 10, 2021 | Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service |
- CVE-2021-26691Jun 10, 2021affected < 2.4.43-3.22.1fixed 2.4.43-3.22.1
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
- CVE-2021-26690Jun 10, 2021affected < 2.4.43-3.22.1fixed 2.4.43-3.22.1
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
- CVE-2020-35452Jun 10, 2021affected < 2.4.43-3.22.1fixed 2.4.43-3.22.1
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation
- CVE-2020-13950Jun 10, 2021affected < 2.4.43-3.22.1fixed 2.4.43-3.22.1
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Page 2 of 2