|Max CVSS||5.0||Min CVSS||5.0||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in
|30-03-2021 - 17:15||27-07-2017 - 21:29|
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated en
|30-03-2021 - 13:15||27-07-2017 - 21:29|
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
|30-03-2021 - 12:16||27-07-2017 - 21:29|