Уязвимость программного обеспечения Apache HTTP Server, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Уязвимость веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость веб-сервера Apache HTTP Server, позволяющая нарушителю передавать скрытые http-запросы

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.