VYPR

rpm package

suse/apache2&distro=SUSE OpenStack Cloud Crowbar 8

pkg:rpm/suse/apache2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Vulnerabilities (27)

  • CVE-2020-35452Jun 10, 2021
    affected < 2.4.23-29.74.1fixed 2.4.23-29.74.1

    Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation

  • CVE-2020-11985Aug 7, 2020
    affected < 2.4.23-29.63.1fixed 2.4.23-29.63.1

    IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but

  • CVE-2020-11993Aug 7, 2020
    affected < 2.4.23-29.63.1fixed 2.4.23-29.63.1

    Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" w

  • CVE-2020-9490Aug 7, 2020
    affected < 2.4.23-29.63.1fixed 2.4.23-29.63.1

    Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate thi

  • CVE-2020-1927Apr 1, 2020
    affected < 2.4.23-29.54.1fixed 2.4.23-29.54.1

    In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

  • CVE-2020-1934Apr 1, 2020
    affected < 2.4.23-29.54.1fixed 2.4.23-29.54.1

    In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

  • CVE-2020-1938KEVFeb 24, 2020
    affected < 2.4.23-29.54.1fixed 2.4.23-29.54.1

    When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exp

Page 2 of 2