Debian Apache2 vulnerabilities

CVE-2021-30641 [MEDIUM] CVE-2021-30641: apache2 - Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with '... Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' Scope: local bookworm: resolved (fixed in 2.4.46-6) bullseye: resolved (fixed in 2.4.46-6) forky: resolved (fixed in 2.4.46-6) sid: resolved (fixed in 2.4.46-6) trixie: resolved (fixed in 2.4.46-6)

CVE-2021-20325 [CRITICAL] CVE-2021-20325: apache2 - Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as... Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be vulnerable to the mentioned CVEs, even if they were properly fixed in R

CVE-2020-11984 [CRITICAL] CVE-2020-11984: apache2 - Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible... Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE Scope: local bookworm: resolved (fixed in 2.4.46-1) bullseye: resolved (fixed in 2.4.46-1) forky: resolved (fixed in 2.4.46-1) sid: resolved (fixed in 2.4.46-1) trixie: resolved (fixed in 2.4.46-1)

CVE-2020-35452 [HIGH] CVE-2020-35452: apache2 - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can... Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a singl

CVE-2020-9490 [HIGH] CVE-2020-9490: apache2 - Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the ... Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. Scope: local bookworm: resolved (fixed in 2.4.46-1)

CVE-2020-13950 [HIGH] CVE-2020-13950: apache2 - Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash... Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service Scope: local bookworm: resolved (fixed in 2.4.46-6) bullseye: resolved (fixed in 2.4.46-6) forky: resolved (fixed in 2.4.46-6) sid: resolved

CVE-2020-11993 [HIGH] CVE-2020-11993: apache2 - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for th... Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. Scope: local bookworm: resolved (

CVE-2020-11985 [MEDIUM] CVE-2020-11985: apache2 - IP address spoofing when proxying using mod_remoteip and mod_rewrite For configu... IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. Scope: local bookworm: reso

CVE-2020-1927 [MEDIUM] CVE-2020-1927: apache2 - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite tha... In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. Scope: local bookworm: resolved (fixed in 2.4.43-1) bullseye: resolved (fixed in 2.4.43-1) forky: resolved (fixed in 2.4.43-1) sid: resolved (fi

CVE-2020-1934 [MEDIUM] CVE-2020-1934: apache2 - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memor... In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. Scope: local bookworm: resolved (fixed in 2.4.43-1) bullseye: resolved (fixed in 2.4.43-1) forky: resolved (fixed in 2.4.43-1) sid: resolved (fixed in 2.4.43-1) trixie: resolved (fixed in 2.4.43-1)

CVE-2020-13938 [MEDIUM] CVE-2020-13938: apache2 - Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop ht... Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-10082 [CRITICAL] CVE-2019-10082: apache2 - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 sess... In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. Scope: local bookworm: resolved (fixed in 2.4.41-1) bullseye: resolved (fixed in 2.4.41-1) forky: resolved (fixed in 2.4.41-1) sid: resolved (fixed in 2.4.41-1) trixie: resolved (fixed in 2.4.41-

CVE-2019-0217 [HIGH] CVE-2019-0217: apache2 - In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth... In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. Scope: local bookworm: resolved (fixed in 2.4.38-3) bullseye: resolved (fixed in 2.4.38-3) forky: resolved (fixed in

CVE-2019-9517 [HIGH] CVE-2019-9517: apache2 - Some HTTP/2 implementations are vulnerable to unconstrained interal data bufferi... Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a larg

CVE-2019-10081 [HIGH] CVE-2019-10081: apache2 - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H... HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. Scope: local bookworm: resolved (fixed in 2.4.41-1) bullseye: resolved (fixed in 2

CVE-2019-0215 [HIGH] CVE-2019-0215: apache2 - In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when usin... In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. Scope: local bookworm: resolved (fixed in 2.4.38-3) bullseye: resolved (fixed in 2.4.38-3) forky: resolved (fixed in 2.4.38-3) sid: resolved (fixed in 2.4.38-3) tr

CVE-2019-0211 [HIGH] CVE-2019-0211: apache2 - In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or p... In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

CVE-2019-0190 [HIGH] CVE-2019-0190: apache2 - A bug exists in the way mod_ssl handled client renegotiations. A remote attacker... A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation at

CVE-2019-10097 [HIGH] CVE-2019-10097: apache2 - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a t... In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. Scope: local bookworm: resolved

CVE-2019-10092 [MEDIUM] CVE-2019-10092: apache2 - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was rep... In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Er