| Max CVSS | 7.8 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-9517 | 7.8 |
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so
|
19-01-2023 - 20:13 | 13-08-2019 - 21:15 | |
| CVE-2020-9490 | 5.0 |
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via
|
07-10-2022 - 12:58 | 07-08-2020 - 16:15 | |
| CVE-2019-0220 | 5.0 |
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions
|
25-07-2022 - 18:15 | 11-06-2019 - 21:29 | |
| CVE-2020-1934 | 5.0 |
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
|
26-04-2022 - 17:05 | 01-04-2020 - 20:15 | |
| CVE-2019-0215 | 6.0 |
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
|
06-06-2021 - 11:15 | 08-04-2019 - 20:29 |