UbuntuUpdates.org

Bugs fixes in "apache2"

Origin Bug number Title Date fixed
CVE CVE-2021-40438 A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP 2021-09-27
CVE CVE-2021-39275 ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but t 2021-09-27
CVE CVE-2021-36160 A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Ser 2021-09-27
CVE CVE-2021-34798 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. 2021-09-27
CVE CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. Th 2021-09-27
CVE CVE-2021-40438 A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP 2021-09-27
CVE CVE-2021-39275 ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but t 2021-09-27
CVE CVE-2021-36160 A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Ser 2021-09-27
CVE CVE-2021-34798 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. 2021-09-27
CVE CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. Th 2021-09-27
Launchpad 1930430 Apache2 Certificate Chain Verification within Proxy not Working after dist-upgrade to focal 2021-07-15
Launchpad 1930430 Apache2 Certificate Chain Verification within Proxy not Working after dist-upgrade to focal 2021-07-15
Launchpad 1930430 Apache2 Certificate Chain Verification within Proxy not Working after dist-upgrade to focal 2021-07-07
Launchpad 1930430 Apache2 Certificate Chain Verification within Proxy not Working after dist-upgrade to focal 2021-07-07
CVE CVE-2021-30641 Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' 2021-06-21
CVE CVE-2021-26691 In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow 2021-06-21
CVE CVE-2021-26690 Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, 2021-06-21
CVE CVE-2020-35452 Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of thi 2021-06-21
CVE CVE-2021-30641 Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' 2021-06-21
CVE CVE-2021-26691 In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow 2021-06-21



About   -   Send Feedback to @ubuntu_updates