-
CVE-2021-31618
Latest security vulnerabilities Apache Http Server Jun 15, 2021 | 00:00 amApache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent[…]
Read more... -
CVE-2020-13950
Latest security vulnerabilities Apache Http Server Jun 10, 2021 | 00:00 amApache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service (CVSS:5.0) (Last Update:2021-07-17)
Read more... -
CVE-2020-35452
Latest security vulnerabilities Apache Http Server Jun 10, 2021 | 00:00 amApache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular[…]
Read more... -
CVE-2021-26690
Latest security vulnerabilities Apache Http Server Jun 10, 2021 | 00:00 amApache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service (CVSS:5.0) (Last Update:2021-07-17)
Read more... -
CVE-2021-26691
Latest security vulnerabilities Apache Http Server Jun 10, 2021 | 00:00 amIn Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow (CVSS:7.5) (Last Update:2021-07-17)
Read more... -
CVE-2021-30641
Latest security vulnerabilities Apache Http Server Jun 10, 2021 | 00:00 amApache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' (CVSS:5.0) (Last Update:2021-07-17)
Read more... -
CVE-2020-9490
Latest security vulnerabilities Apache Http Server Aug 7, 2020 | 00:00 amApache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via[…]
Read more... -
CVE-2020-11984
Latest security vulnerabilities Apache Http Server Aug 7, 2020 | 00:00 amApache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVSS:7.5) (Last Update:2021-06-06)
Read more... -
CVE-2020-11985
Latest security vulnerabilities Apache Http Server Aug 7, 2020 | 00:00 amIP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server[…]
Read more... -
CVE-2020-11993
Latest security vulnerabilities Apache Http Server Aug 7, 2020 | 00:00 amApache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2[…]
Read more...
Let's Encrypt ist eine gemeinnützige Zertifizierungsstelle. Mit Unterstützung von Mozilla, der Bürgerrechtsorganisation Electronic Frontier Foundation (EFF) und einigen Unternehmen wie z.B. Content-Delivery-Netzwerk-Anbieter Akamai und Cisco soll so jeder kostenlos ein TLS-Zertifikat erhalten können, um die Verbindungen zu eigenen Webseiten per HTTPS verschlüsseln zu können.