rpm package
suse/apache2&distro=SUSE Linux Enterprise Server 15 SP1-LTSS
pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-39275 | — | < 2.4.33-3.55.1 | 2.4.33-3.55.1 | Sep 16, 2021 | ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. | ||
| CVE-2021-36160 | — | < 2.4.33-3.55.1 | 2.4.33-3.55.1 | Sep 16, 2021 | A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). | ||
| CVE-2021-34798 | — | < 2.4.33-3.55.1 | 2.4.33-3.55.1 | Sep 16, 2021 | Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. | ||
| CVE-2021-33193 | — | < 2.4.33-3.55.1 | 2.4.33-3.55.1 | Aug 16, 2021 | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | ||
| CVE-2021-31618 | — | < 2.4.33-3.50.1 | 2.4.33-3.50.1 | Jun 15, 2021 | Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status | ||
| CVE-2021-30641 | — | < 2.4.33-3.50.1 | 2.4.33-3.50.1 | Jun 10, 2021 | Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' | ||
| CVE-2021-26691 | — | < 2.4.33-3.50.1 | 2.4.33-3.50.1 | Jun 10, 2021 | In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | ||
| CVE-2021-26690 | — | < 2.4.33-3.50.1 | 2.4.33-3.50.1 | Jun 10, 2021 | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service | ||
| CVE-2020-35452 | — | < 2.4.33-3.50.1 | 2.4.33-3.50.1 | Jun 10, 2021 | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation | ||
| CVE-2019-10092 | — | < 2.4.33-3.50.1 | 2.4.33-3.50.1 | Sep 26, 2019 | In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server |
- CVE-2021-39275Sep 16, 2021affected < 2.4.33-3.55.1fixed 2.4.33-3.55.1
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
- CVE-2021-36160Sep 16, 2021affected < 2.4.33-3.55.1fixed 2.4.33-3.55.1
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
- CVE-2021-34798Sep 16, 2021affected < 2.4.33-3.55.1fixed 2.4.33-3.55.1
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
- CVE-2021-33193Aug 16, 2021affected < 2.4.33-3.55.1fixed 2.4.33-3.55.1
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
- CVE-2021-31618Jun 15, 2021affected < 2.4.33-3.50.1fixed 2.4.33-3.50.1
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status
- CVE-2021-30641Jun 10, 2021affected < 2.4.33-3.50.1fixed 2.4.33-3.50.1
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
- CVE-2021-26691Jun 10, 2021affected < 2.4.33-3.50.1fixed 2.4.33-3.50.1
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
- CVE-2021-26690Jun 10, 2021affected < 2.4.33-3.50.1fixed 2.4.33-3.50.1
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
- CVE-2020-35452Jun 10, 2021affected < 2.4.33-3.50.1fixed 2.4.33-3.50.1
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation
- CVE-2019-10092Sep 26, 2019affected < 2.4.33-3.50.1fixed 2.4.33-3.50.1
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server
Page 2 of 2