UbuntuUpdates.org

Bugs fixes in "apache2"

Origin Bug number Title Date fixed
CVE CVE-2024-38473 Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, po 2024-07-08
CVE CVE-2024-36387 Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, de 2024-07-08
CVE CVE-2024-39884 A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and si 2024-07-08
CVE CVE-2024-39573 Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to 2024-07-08
CVE CVE-2024-38477 null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users 2024-07-08
CVE CVE-2024-38476 Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend a 2024-07-08
CVE CVE-2024-38474 Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by th 2024-07-08
CVE CVE-2024-38473 Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, po 2024-07-08
CVE CVE-2024-36387 Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, de 2024-07-08
CVE CVE-2024-39573 Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to 2024-07-08
CVE CVE-2024-38477 null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users 2024-07-08
CVE CVE-2024-38476 Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend a 2024-07-08
CVE CVE-2024-38473 Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, po 2024-07-08
CVE CVE-2024-38477 null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users 2024-07-08
CVE CVE-2024-38476 Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend a 2024-07-08
CVE CVE-2024-38473 Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, po 2024-07-08
CVE CVE-2024-27316 HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client do 2024-04-29
CVE CVE-2024-24795 HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applicat 2024-04-29
CVE CVE-2023-38709 Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects 2024-04-29
CVE CVE-2024-27316 HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client do 2024-04-29



About   -   Send Feedback to @ubuntu_updates