Severity: moderate
Affected versions:
- Apache HTTP Server 2.4.17 through 2.4.63
Description:
Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP
Server.
This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.
Users are recommended to upgrade to version 2

Severity: moderate
Affected versions:
- Apache HTTP Server through 2.4.63
Description:
In some mod_ssl configurations on Apache HTTP Server versions through to
2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to
hijack an HTTP session via a TLS upgrade.
Only co

Severity: low
Affected versions:
- Apache HTTP Server 2.4.26 through 2.4.63
Description:
In certain proxy configurations, a denial of service attack against Apache HTTP
Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients
causing an assertion in mod_proxy_http2.

Severity: moderate
Affected versions:
- Apache HTTP Server 2.4.35 through 2.4.63
Description:
In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63,
an access control bypass by trusted clients is possible using TLS 1.3 session
resumption.
Configurations are affecte

Severity: moderate
Affected versions:
- Apache HTTP Server 2.4.0 through 2.4.63
Description:
HTTP response splitting in the core of Apache HTTP Server allows an attacker
who can manipulate the Content-Type response headers of applications hosted or
proxied by the server to split the HTTP