CRITICAL 9.8 CVE-2021-42013 ⚠ KEV Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
>= 2.4.49, < 2.4.50, >= 2.4.50, < 2.4.51
CRITICAL 9.8 CVE-2021-41773 ⚠ KEV Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
>= 2.4.49, < 2.4.50
CRITICAL 9.1 ⚠ KEV Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
>= 2.4.0, < 2.4.60
CRITICAL 9.0 ⚠ KEV mod_proxy SSRF
from 0, < 2.4.49
CRITICAL 9.8 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
>= 2.4.0, < 2.4.68
CRITICAL 9.8 Apache HTTP Server: mod_ldap per-dir use-after-free
>= 2.4.0, < 2.4.68
CRITICAL 9.8 Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()
from 0, < 2.4.67
CRITICAL 9.8 Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
>= 2.4.0, < 2.4.60
CRITICAL 9.8 Apache HTTP Server weakness with encoded question marks in backreferences
>= 2.4.0, < 2.4.60
CRITICAL 9.8 Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
>= 2.4.0, < 2.4.56
CRITICAL 9.8 mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
from 0, < 2.4.54
CRITICAL 9.8 mod_sed: Read/write beyond bounds
from 0, < 2.4.53
CRITICAL 9.8 HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
from 0, < 2.4.53
CRITICAL 9.8 Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
from 0, < 2.4.52
CRITICAL 9.8 ap_escape_quotes buffer overflow
from 0, < 2.4.49
CRITICAL 9.8 Apache HTTP Server mod_session response handling heap overflow
>= 2.4.0, < 2.4.47
CRITICAL 9.8 apache2 - security update
>= 2.4.32, < 2.4.44
CRITICAL 9.1 Apache HTTP Server: mod_dav_fs protected directory access
from 0, < 2.4.68
CRITICAL 9.1 Apache HTTP Server: mod_ssl access control bypass with session resumption
>= 2.4.35, < 2.4.64
CRITICAL 9.1 Read beyond bounds in ap_strcmp_match()
from 0, < 2.4.54
CRITICAL 9.1 core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
from 0, < 2.4.53
CRITICAL 9.0 Apache HTTP Server: mod_proxy_ajp Possible request smuggling
>= 2.4.0, < 2.4.55
HIGH 8.8 Apache HTTP Server: http2: double free and possible RCE on early reset
>= 2.4.66, < 2.4.67
HIGH 8.8 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
from 0, < 2.4.67
HIGH 8.3 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
from 0, < 2.4.66
HIGH 8.2 Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
>= 2.4.7, < 2.4.52
HIGH 8.1 Apache HTTP Server proxy encoding problem
>= 2.4.0, < 2.4.60
HIGH 7.5 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
>= 2.4.0, < 2.4.68
HIGH 7.5 Apache HTTP Server: mod_proxy_html buffer overflow
>= 2.4.0, < 2.4.68
HIGH 7.5 Apache HTTP Server: mod_xml2enc heap overflow
>= 2.4.0, < 2.4.68
HIGH 7.5 Apache HTTP Server: mod_http2 denial of service
>= 2.4.17, < 2.4.68
HIGH 7.5 Apache HTTP Server: mod_dav_lock indirect lock crash
from 0, < 2.4.67
HIGH 7.5 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
from 0, < 2.4.67
HIGH 7.5 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF
>= 2.4.0, < 2.4.66
HIGH 7.5 Apache HTTP Server: mod_md (ACME), unintended retry intervals
>= 2.4.30, < 2.4.66
HIGH 7.5 Apache HTTP Server: HTTP/2 DoS by Memory Increase
>= 2.4.17, < 2.4.64
HIGH 7.5 Apache HTTP Server: mod_proxy_http2 denial of service
>= 2.4.26, < 2.4.64
HIGH 7.5 Apache HTTP Server: mod_ssl error log variable escaping
>= 2.4.0, < 2.4.64
HIGH 7.5 Apache HTTP Server: SSRF on Windows due to UNC paths
>= 2.4.0, < 2.4.64
HIGH 7.5 Apache HTTP Server: SSRF with mod_headers setting Content-Type header
>= 2.4.0, < 2.4.64
HIGH 7.5 Apache HTTP Server: HTTP response splitting
>= 2.4.0, < 2.4.64
HIGH 7.5 libapache2-mod-auth-openidc - security update
HIGH 7.5 Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
>= 2.4.0, < 2.4.62
HIGH 7.5 Apache HTTP Server: mod_rewrite proxy handler substitution
>= 2.4.0, < 2.4.60
HIGH 7.5 Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request
>= 2.4.0, < 2.4.60
HIGH 7.5 SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or conte…
>= 2.4.0, < 2.4.60
HIGH 7.5 Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
>= 2.4.17, < 2.4.59
HIGH 7.5 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0
>= 2.4.55, < 2.4.58
HIGH 7.5 Apache HTTP Server: mod_macro buffer over-read
from 0, < 2.4.58
HIGH 7.5 Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting
>= 2.4.30, < 2.4.56
HIGH 7.5 Information Disclosure in mod_lua with websockets
from 0, < 2.4.54
HIGH 7.5 mod_sed denial of service
>= 2.4.53, < 2.4.54
HIGH 7.5 Denial of service in mod_lua r:parsebody
from 0, < 2.4.54
HIGH 7.5 mod_proxy_ajp: Possible request smuggling
from 0, < 2.4.54
HIGH 7.5 mod_lua Use of uninitialized value in r:parsebody
from 0, < 2.4.53
HIGH 7.5 null pointer dereference in h2 fuzzing
>= 2.4.49, < 2.4.50
HIGH 7.5 mod_proxy_uwsgi out of bound read
>= 2.4.30, < 2.4.49
HIGH 7.5 NULL pointer dereference in httpd core
from 0, < 2.4.49
HIGH 7.5 Request splitting via HTTP/2 method injection and mod_proxy
>= 2.4.17, < 2.4.49
HIGH 7.5 NULL pointer dereference on specially crafted HTTP/2 request
>= 1.15.17, < 1.15.18, >= 2.4.47, < 2.4.48
HIGH 7.5 mod_session NULL pointer dereference
>= 2.4.0, < 2.4.47
HIGH 7.5 mod_proxy_http NULL pointer dereference
>= 2.4.41, < 2.4.47
HIGH 7.5 Apache HTTP Server versions 2.4.20 to 2.4.43.
>= 2.4.20, < 2.4.46
HIGH 7.5 Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, loggi…
>= 2.4.20, < 2.4.44
HIGH 7.4 Apache HTTP Server: mod_ssl TLS upgrade attack
from 0, < 2.4.64
HIGH 7.3 Apache HTTP Server: mod_http2 memory corruption when file handles exhausted
>= 2.4.55, < 2.4.68
HIGH 7.3 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp
>= 2.4.0, < 2.4.68
HIGH 7.3 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`
>= 2.4.0, < 2.4.68
HIGH 7.3 Apache HTTP Server: mod_md unrestricted OCSP response
>= 2.4.30, < 2.4.67
HIGH 7.3 Apache HTTP Server: HTTP response splitting
from 0, < 2.4.59
HIGH 7.3 mod_auth_digest possible stack overflow by one nul byte
>= 2.4.0, < 2.4.47
MEDIUM 6.5 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash
>= 2.4.0, < 2.4.68
MEDIUM 6.5 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line
>= 2.4.0, < 2.4.67
MEDIUM 6.5 Apache HTTP Server: CGI environment variable override
>= 2.4.0, < 2.4.66
MEDIUM 6.3 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
>= 2.4.64, < 2.4.65
MEDIUM 6.3 Apache HTTP Server: HTTP Response Splitting in multiple modules
>= 2.4.0, < 2.4.59
MEDIUM 6.2 Apache HTTP Server: source code disclosure with handlers configured via AddType
>= 2.4.60, < 2.4.61
MEDIUM 6.1 Apache HTTP Server: mod_proxy_ftp XSS
from 0, < 2.4.68
MEDIUM 6.1 apache2 - security update
>= 2.4.0, < 2.4.42
MEDIUM 5.9 Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST
>= 2.4.17, < 2.4.58
MEDIUM 5.5 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules
>= 2.4.0, < 2.4.68
MEDIUM 5.5 Improper Handling of Insufficient Privileges
>= 2.4.0, < 2.4.47
MEDIUM 5.4 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
>= 2.4.7, < 2.4.66
MEDIUM 5.4 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
>= 2.4.55, < 2.4.60
MEDIUM 5.3 Apache HTTP Server: mod_authn_socache crash
>= 2.4.0, < 2.4.67
MEDIUM 5.3 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
from 0, < 2.4.67
MEDIUM 5.3 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
from 0, < 2.4.67
MEDIUM 5.3 Apache HTTP Server: source code disclosure with handlers configured via AddType
>= 2.4.60, < 2.4.62
MEDIUM 5.3 Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting
from 0, < 2.4.55
MEDIUM 5.3 read beyond bounds via ap_rwrite()
from 0, < 2.4.54
MEDIUM 5.3 read beyond bounds in mod_isapi
from 0, < 2.4.54
MEDIUM 5.3 Unexpected URL matching with 'MergeSlashes OFF'
>= 2.4.39, < 2.4.47
MEDIUM 5.3 IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_re…
>= 2.4.1, < 2.4.24
MEDIUM 5.3 In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
>= 2.4.0, < 2.4.42
MEDIUM 4.8 Apache HTTP Server: mod_auth_digest timing attack
from 0, < 2.4.67