pkg:Debian/apache2

All known vulnerabilities

• CRITICAL9.8CVE-2021-42013⚠ KEVPath Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
  from 0, < 2.4.51-1
• CRITICAL9.8CVE-2021-41773⚠ KEVPath traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
  from 0, < 2.4.50-1
• CRITICAL9.1CVE-2024-38475⚠ KEVApache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
  from 0, < 2.4.61-1~deb11u1
• CRITICAL9.0⚠ KEVmod_proxy SSRF
  from 0, < 2.4.51-1~deb11u1
• HIGH7.8⚠ KEVApache HTTP Server Privilege Escalation Vulnerability
  from 0, < 2.4.38-3
• CRITICAL9.8Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
  from 0
• CRITICAL9.8Apache HTTP Server: mod_ldap per-dir use-after-free
  from 0
• CRITICAL9.8Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()
  from 0, < 2.4.67-1~deb11u1
• CRITICAL9.8Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
  from 0, < 2.4.61-1~deb11u1
• CRITICAL9.8Apache HTTP Server weakness with encoded question marks in backreferences
  from 0, < 2.4.61-1~deb11u1
• CRITICAL9.8apache2 - security update
  from 0, < 2.4.38-3+deb10u10
• CRITICAL9.8apache2 - security update
  from 0, < 2.4.56-1~deb11u1
• CRITICAL9.8mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
  from 0, < 2.4.54-1~deb11u1
• CRITICAL9.8pound - security update
  from 0, < 2.2.14-2
• CRITICAL9.8mod_sed: Read/write beyond bounds
  from 0, < 2.4.53-1~deb11u1
• CRITICAL9.8HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
  from 0, < 2.4.53-1~deb11u1
• CRITICAL9.8Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
  from 0, < 2.4.52-1~deb11u2
• CRITICAL9.8ap_escape_quotes buffer overflow
  from 0, < 2.4.51-1~deb11u1
• CRITICAL9.8Apache HTTP Server mod_session response handling heap overflow
  from 0, < 2.4.46-6
• CRITICAL9.8apache2 - security update
  from 0, < 2.4.38-3+deb10u4
• CRITICAL9.8apache2 - security update
  from 0, < 2.4.46-1
• CRITICAL9.8In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not c…
  from 0, < 2.4.33-1
• CRITICAL9.8In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious C…
  from 0, < 2.4.25-4
• CRITICAL9.8In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_p…
  from 0, < 2.4.25-4
• CRITICAL9.8apache2 - security update
  from 0, < 2.4.25-4
• CRITICAL9.8apache2 - security update
  from 0, < 2.4.10-10+deb8u9
• CRITICAL9.8apache2 - security update
  from 0, < 2.2.22-13+deb7u9
• CRITICAL9.1Apache HTTP Server: mod_dav_fs protected directory access
  from 0
• CRITICAL9.1Apache HTTP Server: mod_ssl access control bypass with session resumption
  from 0, < 2.4.65-1~deb11u1
• CRITICAL9.1Read beyond bounds in ap_strcmp_match()
  from 0, < 2.4.54-1~deb11u1
• CRITICAL9.1core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
  from 0, < 2.4.53-1~deb11u1
• CRITICAL9.1In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed…
  from 0, < 2.4.41-1
• CRITICAL9.1apache2 - security update
  from 0, < 2.4.27-1
• CRITICAL9.1apache2 - security update
  from 0, < 2.4.10-10+deb8u10
• CRITICAL9.1apache2 - security update
  from 0, < 2.2.22-13+deb7u10
• CRITICAL9.0Apache HTTP Server: mod_proxy_ajp Possible request smuggling
  from 0, < 2.4.56-1~deb11u1
• HIGH8.8Apache HTTP Server: http2: double free and possible RCE on early reset
  from 0, < 2.4.67-1~deb12u2
• HIGH8.8Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
  from 0, < 2.4.67-1~deb11u1
• HIGH8.3Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
  from 0, < 2.4.66-1~deb11u1
• HIGH8.2apache2 - security update
  from 0, < 2.4.38-3+deb10u7
• HIGH8.2apache2 - security update
  from 0, < 2.4.25-3+deb9u12
• HIGH8.2apache2 - security update
  from 0, < 2.4.52-1~deb11u2
• HIGH8.1Apache HTTP Server proxy encoding problem
  from 0, < 2.4.61-1~deb11u1
• HIGH8.1In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, r…
  from 0, < 2.4.33-1
• HIGH8.1apache2 - security update
  from 0, < 2.2.22-13+deb7u7
• HIGH8.1apache2 - security update
  from 0, < 2.4.10-10+deb8u5
• HIGH8.1apache2 - security update
  from 0, < 2.4.23-2
• HIGH7.8Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow dur…
  from 0, < 2.0.51
• HIGH7.5Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
  from 0
• HIGH7.5Apache HTTP Server: mod_proxy_html buffer overflow
  from 0
• HIGH7.5Apache HTTP Server: mod_xml2enc heap overflow
  from 0
• HIGH7.5Apache HTTP Server: mod_http2 denial of service
  from 0, < 2.4.67-1~deb11u2
• HIGH7.5Apache HTTP Server: mod_dav_lock indirect lock crash
  from 0, < 2.4.67-1~deb11u1
• HIGH7.5Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
  from 0, < 2.4.67-1~deb11u1
• HIGH7.5Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF
  from 0, < 2.4.66-1~deb11u1
• HIGH7.5apache2 - security update
  from 0, < 2.4.66-1~deb11u1
• HIGH7.5apache2 - security update
  from 0, < 2.4.66-1~deb11u1
• HIGH7.5Apache HTTP Server: HTTP/2 DoS by Memory Increase
  from 0, < 2.4.65-1~deb11u1
• HIGH7.5Apache HTTP Server: mod_proxy_http2 denial of service
  from 0, < 2.4.65-1~deb11u1
• HIGH7.5Apache HTTP Server: mod_ssl error log variable escaping
  from 0, < 2.4.65-1~deb11u1
• HIGH7.5Apache HTTP Server: SSRF on Windows due to UNC paths
  from 0, < 2.4.65-1~deb11u1
• HIGH7.5Apache HTTP Server: SSRF with mod_headers setting Content-Type header
  from 0, < 2.4.65-1~deb11u1
• HIGH7.5apache2 - security update
  from 0, < 2.4.65-1~deb11u1
• HIGH7.5apache2 - security update
  from 0, < 2.4.65-1~deb11u1
• HIGH7.5Apache HTTP Server: mod_rewrite proxy handler substitution
  from 0, < 2.4.61-1~deb11u1
• HIGH7.5Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request
  from 0, < 2.4.61-1~deb11u1
• HIGH7.5Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
  from 0, < 2.4.59-1~deb11u1
• HIGH7.5Apache HTTP Server: DoS in HTTP/2 with initial windows size 0
  from 0, < 2.4.59-1~deb11u1
• HIGH7.5apache2 - security update
  from 0, < 2.4.59-1~deb11u1
• HIGH7.5apache2 - security update
  from 0, < 2.4.59-1~deb11u1
• HIGH7.5Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
  from 0, < 2.4.56-1~deb11u1
• HIGH7.5apache2 - security update
  from 0, < 2.4.56-1~deb11u1
• HIGH7.5apache2 - security update
  from 0, < 2.4.56-1~deb11u1
• HIGH7.5apache2 - security update
  from 0, < 2.4.38-3+deb10u9
• HIGH7.5Information Disclosure in mod_lua with websockets
  from 0, < 2.4.54-1~deb11u1
• HIGH7.5mod_sed denial of service
  from 0, < 2.4.54-1~deb11u1
• HIGH7.5Denial of service in mod_lua r:parsebody
  from 0, < 2.4.54-1~deb11u1
• HIGH7.5mod_proxy_ajp: Possible request smuggling
  from 0, < 2.4.54-1~deb11u1
• HIGH7.5apache2 - security update
  from 0, < 2.4.53-1~deb11u1
• HIGH7.5apache2 - security update
  from 0, < 2.4.25-3+deb9u13
• HIGH7.5null pointer dereference in h2 fuzzing
  from 0, < 2.4.50-1
• HIGH7.5uwsgi - security update
  from 0, < 2.4.51-1~deb11u1
• HIGH7.5apache2 - security update
  from 0, < 2.4.38-3+deb10u6
• HIGH7.5apache2 - security update
  from 0, < 2.4.25-3+deb9u11
• HIGH7.5apache2 - security update
  from 0, < 2.4.51-1~deb11u1
• HIGH7.5Request splitting via HTTP/2 method injection and mod_proxy
  from 0, < 2.4.48-3.1+deb11u1
• HIGH7.5NULL pointer dereference on specially crafted HTTP/2 request
  from 0, < 2.4.46-5
• HIGH7.5mod_session NULL pointer dereference
  from 0, < 2.4.46-6
• HIGH7.5mod_proxy_http NULL pointer dereference
  from 0, < 2.4.46-6
• HIGH7.5Apache HTTP Server versions 2.4.20 to 2.4.43.
  from 0, < 2.4.46-1
• HIGH7.5Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, loggi…
  from 0, < 2.4.46-1
• HIGH7.5apache2 - security update
  from 0, < 2.4.41-1
• HIGH7.5apache2 - security update
  from 0, < 2.4.25-3+deb9u8
• HIGH7.5Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service.
  from 0, < 2.4.41-1
• HIGH7.5apache2 - security update
  from 0, < 2.4.10-10+deb8u14
• HIGH7.5apache2 - security update
  from 0, < 2.4.38-3
• HIGH7.5In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3…
  from 0, < 2.4.38-3
• HIGH7.5A bug exists in the way mod_ssl handled client renegotiations.
  from 0, < 2.4.38-1
• HIGH7.5apache2 - security update
  from 0, < 2.4.38-1
• HIGH7.5apache2 - security update
  from 0, < 2.4.10-10+deb8u13