announce@httpd.apache.org, 2021-06

You are viewing a plain text version of this content. The canonical link for it is here.

- [ANNOUNCEMENT] Apache HTTP Server 2.4.48 Released - posted by Christophe JAILLET <ja...@apache.org> on 2021/06/01 10:43:51 UTC, 0 replies.
- CVE-2019-17567: mod_proxy_wstunnel tunneling of non Upgraded connections - posted by Christophe JAILLET <ja...@apache.org> on 2021/06/09 21:11:00 UTC, 0 replies.
- CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request - posted by Christophe JAILLET <ja...@apache.org> on 2021/06/09 21:11:00 UTC, 0 replies.
- CVE-2021-30641: Unexpected URL matching with 'MergeSlashes OFF' - posted by Christophe JAILLET <ja...@apache.org> on 2021/06/09 21:11:00 UTC, 0 replies.
- CVE-2021-26691: mod_session response handling heap overflow - posted by Christophe JAILLET <ja...@apache.org> on 2021/06/09 21:11:00 UTC, 0 replies.
- CVE-2020-35452: mod_auth_digest possible stack overflow by one nul byte - posted by Christophe JAILLET <ja...@apache.org> on 2021/06/09 21:11:00 UTC, 0 replies.
- CVE-2020-13938: Improper Handling of Insufficient Privileges - posted by Christophe JAILLET <ja...@apache.org> on 2021/06/09 21:11:00 UTC, 0 replies.
- CVE-2020-13950: mod_proxy_http NULL pointer dereference - posted by Christophe JAILLET <ja...@apache.org> on 2021/06/09 21:11:00 UTC, 0 replies.
- CVE-2021-26690: mod_session NULL pointer dereference - posted by Christophe JAILLET <ja...@apache.org> on 2021/06/09 21:11:00 UTC, 0 replies.