Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache http server 2.4.38 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2019-0215
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
Apache Http Server 2.4.37Apache Http Server 2.4.38Fedoraproject Fedora 29Fedoraproject Fedora 30
7.2
CVSSv3
CVE-2019-10097
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only b...
Apache Http Server 2.4.33Apache Http Server 2.4.37Apache Http Server 2.4.38Apache Http Server 2.4.34Apache Http Server 2.4.35Oracle Retail Xstore Point Of Service 7.1Oracle Enterprise Manager Ops Center 12.3.3Oracle Enterprise Manager Ops Center 12.4.0Oracle Instantis EnterprisetrackOracle Communications Element Manager 8.2.0Oracle Communications Element Manager 8.1.1Oracle Communications Element Manager 8.1.0Oracle Communications Element Manager 8.0.0Oracle Http Server 12.2.1.4.0Oracle Communications Session Report Manager 8.1.1Oracle Communications Session Report Manager 8.2.0Oracle Communications Session Report Manager 8.2.1Oracle Communications Session Route Manager 8.1.1Oracle Communications Session Route Manager 8.2.0Oracle Communications Session Route Manager 8.2.1
5.3
CVSSv3
CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.
Apache Http Server 2.4.20Apache Http Server 2.4.23Apache Http Server 2.4.25Apache Http Server 2.4.26Apache Http Server 2.4.18Apache Http Server 2.4.17Apache Http Server 2.4.27Apache Http Server 2.4.29Apache Http Server 2.4.28Apache Http Server 2.4.33Apache Http Server 2.4.37Apache Http Server 2.4.30Apache Http Server 2.4.34Apache Http Server 2.4.35Netapp Santricity Cloud Connector -Netapp Storage Automation Store -Fedoraproject Fedora 28Fedoraproject Fedora 29Debian Debian Linux 9.0Oracle Retail Xstore Point Of Service 7.1Oracle Retail Xstore Point Of Service 7.0Oracle Hospitality Guest Access 4.2.0
6.1
CVSSv3
CVE-2019-10098
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
Apache Http Server
7.5
CVSSv3
CVE-2019-10081
HTTP/2 (2.4.20 up to and including 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, ...
Apache Http ServerDebian Debian Linux 9.0Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2021-31618
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status...
Apache Http Server 1.15.17Apache Http Server 2.4.47Fedoraproject Fedora 33Fedoraproject Fedora 34Debian Debian Linux 9.0Debian Debian Linux 10.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Enterprise Manager Ops Center 12.4.0.0Oracle Zfs Storage Appliance Kit 8.8
5.3
CVSSv3
CVE-2019-0196
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
Apache Http ServerCanonical Ubuntu Linux 16.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 18.10Debian Debian Linux 9.0
9.1
CVSSv3
CVE-2019-10082
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
Apache Http ServerOracle Retail Xstore Point Of Service 7.1Oracle Http Server 12.2.1.3.0Oracle Enterprise Manager Ops Center 12.3.3Oracle Enterprise Manager Ops Center 12.4.0Oracle Instantis EnterprisetrackOracle Communications Element Manager 8.2.0Oracle Communications Element Manager 8.1.1Oracle Communications Element Manager 8.1.0Oracle Communications Element Manager 8.0.0Oracle Http Server 12.2.1.4.0Oracle Enterprise Manager Ops Center 12.4.0.0
7.8
CVSSv3
CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent ...
Apache Http ServerFedoraproject Fedora 29Fedoraproject Fedora 30Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 18.10Debian Debian Linux 9.0Opensuse Leap 42.3Opensuse Leap 15.0
8.2
CVSSv3
CVE-2021-44224
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server ...
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Fedoraproject Fedora 36Debian Debian Linux 10.0Debian Debian Linux 11.0Tenable Tenable.scOracle Http Server 12.2.1.3.0Oracle Communications Operations Monitor 4.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Http Server -Oracle Http Server 12.2.1.4.0Oracle Communications Operations Monitor 4.3Oracle Communications Operations Monitor 4.4Oracle Communications Operations Monitor 5.0Oracle Communications Element ManagerOracle Communications Session Report ManagerOracle Communications Session Route ManagerApple MacosApple Mac Os X 10.15.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook