UbuntuUpdates.org

Bugs fixes in "apache2"

Origin Bug number Title Date fixed
CVE CVE-2024-36387 Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, de 2024-07-08
CVE CVE-2024-39884 A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and si 2024-07-08
CVE CVE-2024-39573 Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to 2024-07-08
CVE CVE-2024-38477 null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users 2024-07-08
CVE CVE-2024-38476 Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend a 2024-07-08
CVE CVE-2024-38474 Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by th 2024-07-08
CVE CVE-2024-38473 Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, po 2024-07-08
CVE CVE-2024-36387 Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, de 2024-07-08
CVE CVE-2024-39884 A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and si 2024-07-08
CVE CVE-2024-39573 Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to 2024-07-08
CVE CVE-2024-38477 null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users 2024-07-08
CVE CVE-2024-38476 Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend a 2024-07-08
CVE CVE-2024-38474 Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by th 2024-07-08
CVE CVE-2024-38473 Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, po 2024-07-08
CVE CVE-2024-36387 Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, de 2024-07-08
CVE CVE-2024-39573 Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to 2024-07-08
CVE CVE-2024-38477 null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users 2024-07-08
CVE CVE-2024-38476 Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend a 2024-07-08
CVE CVE-2024-38473 Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, po 2024-07-08
CVE CVE-2024-38477 null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users 2024-07-08



About   -   Send Feedback to @ubuntu_updates