GCVE - cpe:2.3:a:n/a:apache_http_server:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:apache_http_server:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Apache Http Server (`9f679126-9eb3-54af-8a67-f6d85cc70b2e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-9490`	vulnerable	2026-06-08 05:28:02.018659	Details available Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. Published: 2020-08-07T15:24:49.000Z Updated: 2024-08-04T10:26:16.299Z Open on db.gcve.eu Reference links https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490 https://security.gentoo.org/glsa/202008-04 https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-11993`	vulnerable	2026-06-08 05:17:56.056850	Details available Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. Published: 2020-08-07T15:32:55.000Z Updated: 2024-08-04T11:48:57.265Z Open on db.gcve.eu Reference links https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993 https://security.gentoo.org/glsa/202008-04 https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-11985`	vulnerable	2026-06-08 05:17:56.010690	Details available IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. Published: 2020-08-07T15:36:31.000Z Updated: 2024-08-04T11:48:58.232Z Open on db.gcve.eu Reference links https://httpd.apache.org/security/vulnerabilities_24.html https://security.gentoo.org/glsa/202008-04 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/ https://www.oracle.com/security-alerts/cpujan2021.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-11984`	vulnerable	2026-06-08 05:17:55.997628	Details available Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE Published: 2020-08-07T15:27:15.000Z Updated: 2024-08-04T11:48:57.555Z Open on db.gcve.eu Reference links https://httpd.apache.org/security/vulnerabilities_24.html http://www.openwall.com/lists/oss-security/2020/08/08/1 https://security.gentoo.org/glsa/202008-04 http://www.openwall.com/lists/oss-security/2020/08/08/10 http://www.openwall.com/lists/oss-security/2020/08/08/8	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10098`	vulnerable	2026-06-08 05:12:22.242480	Details available In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. Published: 2019-09-25T16:39:23.000Z Updated: 2024-08-04T22:10:09.765Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2020/04/01/4 https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E https://www.oracle.com/security-alerts/cpuapr2020.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10097`	vulnerable	2026-06-08 05:12:22.236390	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10092`	vulnerable	2026-06-08 05:12:22.222891	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10082`	vulnerable	2026-06-08 05:12:22.122889	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10081`	vulnerable	2026-06-08 05:12:22.121700	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.