Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-7668 | 5.0 |
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacke
|
21-04-2022 - 14:40 | 20-06-2017 - 01:29 | |
CVE-2017-7679 | 7.5 |
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
|
06-06-2021 - 11:15 | 20-06-2017 - 01:29 | |
CVE-2017-7659 | 5.0 |
A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.
|
06-06-2021 - 11:15 | 26-07-2017 - 21:29 | |
CVE-2017-3169 | 7.5 |
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
|
06-06-2021 - 11:15 | 20-06-2017 - 01:29 | |
CVE-2017-3167 | 7.5 |
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
|
06-06-2021 - 11:15 | 20-06-2017 - 01:29 |