apache2 (SUSE:Enterprise Storage 4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Enterprise Storage 4 package apache2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2019-0217 — CVSS 7.5 (high): In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a…
CVE-2016-8743 — CVSS 7.5 (high): Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response…
CVE-2016-4975 — CVSS 6.1 (medium): Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made…
CVE-2018-11763 — CVSS 5.9 (medium): In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and…
CVE-2019-0220 — CVSS 5.3 (medium): A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive…
CVE-2019-0196 — CVSS 5.3 (medium): A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to…
CVE-2019-0197 — CVSS 4.2 (medium): A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2…