fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression
fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on
specially crafted HTTP/2 request
fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference
fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in
mod_auth_digest
fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference
in parser
fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-908=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.2i586< - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.i586.rpm
openSUSE Leap15.2x86_64< - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.x86_64.rpm
openSUSE Leap15.2noarch< - openSUSE Leap 15.2 (noarch):- openSUSE Leap 15.2 (noarch):.noarch.rpm

OS	Version	Architecture	Version	Filename
openSUSE Leap	15.2	i586	< - openSUSE Leap 15.2 (i586 x86_64):	- openSUSE Leap 15.2 (i586 x86_64):.i586.rpm
openSUSE Leap	15.2	x86_64	< - openSUSE Leap 15.2 (i586 x86_64):	- openSUSE Leap 15.2 (i586 x86_64):.x86_64.rpm
openSUSE Leap	15.2	noarch	< - openSUSE Leap 15.2 (noarch):	- openSUSE Leap 15.2 (noarch):.noarch.rpm

openvas 36

suse 1

nessus 52

debian 2

ubuntu 2

osv 16

photon 5

mageia 1

slackware 1

gentoo 1

kaspersky 1

amazon 5

freebsd 1

ibm 10

rocky 1

redhat 4

almalinux 1

oraclelinux 4

fedora 4

rosalinux 1

cbl_mariner 5

nvd 5

alpinelinux 4

veracode 5

prion 3

cvelist 4

httpd 4

redhatcve 3

archlinux 1

cve 4

f5 4

debiancve 2

vulnrichment 1

ubuntucve 2

cloudlinux 2

cnvd 1

openvas

openSUSE: Security Advisory for apache2 (openSUSE-SU-2021:0908-1)

2021-06-25 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:2127-1)

2021-06-23 00:00:00

openSUSE: Security Advisory for apache2 (openSUSE-SU-2021:2127-1)

2021-07-13 00:00:00

suse

Security update for apache2 (important)

2021-07-10 00:00:00

nessus

openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:0908-1)

2021-06-28 00:00:00

openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:2127-1)

2021-07-16 00:00:00

SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2021:2127-1)

2021-06-28 00:00:00

debian

[SECURITY] [DSA 4937-1] apache2 security update

2021-07-08 17:14:14

[SECURITY] [DLA 2706-1] apache2 security update

2021-07-09 08:50:21

ubuntu

Apache HTTP Server vulnerabilities

2021-06-21 00:00:00

Apache HTTP Server vulnerabilities

2021-06-21 00:00:00

osv

apache2 vulnerabilities

2021-06-21 14:01:37

apache2 - security update

2021-07-08 00:00:00

apache2 vulnerabilities

2021-06-21 15:25:05

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0365

2021-06-30 00:00:00

Critical Photon OS Security Update - PHSA-2021-0365

2021-06-30 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0409

2021-07-01 00:00:00

mageia

Updated apache packages fix security vulnerabilities

2021-06-16 23:22:25

slackware

[slackware-security] httpd

2021-06-07 19:07:12

gentoo

Apache: Multiple vulnerabilities

2021-07-17 00:00:00

kaspersky

KLA12369 Multiple vulnerabilities in Apache HTTP Server

2021-06-01 00:00:00

amazon

Important: httpd

2021-06-16 20:37:00

Medium: httpd24

2021-07-08 18:38:00

Medium: httpd

2021-07-01 00:59:00

freebsd

Apache httpd -- Multiple vulnerabilities

2021-06-09 00:00:00

ibm

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-31618, CVE-2020-13950, CVE-2019-17567, CVE-2020-26691, CVE-2021-26690, CVE-2020-13938, CVE-2021-30641, CVE-2020-35452)

2022-01-17 18:35:14

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2020-13938, CVE-2021-30641, CVE-2021-26690, CVE-2021-26691)

2021-09-16 06:03:38

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i

2021-09-24 22:34:57

rocky

httpd:2.4 security, bug fix, and enhancement update

2021-11-09 08:52:38

redhat

(RHSA-2021:4257) Moderate: httpd:2.4 security, bug fix, and enhancement update

2021-11-09 08:52:38

(RHSA-2021:4613) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update

2021-11-10 17:09:50

(RHSA-2021:4614) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update

2021-11-10 17:10:19

almalinux

Moderate: httpd:2.4 security, bug fix, and enhancement update

2021-11-09 08:52:38

oraclelinux

httpd:2.4 security, bug fix, and enhancement update

2021-11-16 00:00:00

httpd security update

2021-11-04 00:00:00

httpd:2.4 security update

2022-06-24 00:00:00

fedora

[SECURITY] Fedora 34 Update: httpd-2.4.49-1.fc34

2021-09-20 13:58:04

[SECURITY] Fedora 35 Update: httpd-2.4.49-1.fc35

2021-09-24 20:56:12

[SECURITY] Fedora 34 Update: mod_http2-1.15.19-1.fc34

2021-06-20 01:08:23

rosalinux

Advisory ROSA-SA-2023-2159

2023-04-25 11:49:15

cbl_mariner

CVE-2020-13950 affecting package httpd 2.4.46-6

2021-07-08 21:56:40

CVE-2021-26690 affecting package httpd 2.4.46-6

2021-07-08 21:56:40

CVE-2020-35452 affecting package httpd for versions less than 2.4.46-10

2022-04-09 06:51:57

nvd

CVE-2021-31618

2021-06-15 09:15:07

CVE-2020-13950

2021-06-10 07:15:07

CVE-2021-26690

2021-06-10 07:15:07

alpinelinux

CVE-2021-26690

2021-06-10 07:15:07

CVE-2020-35452

2021-06-10 07:15:07

CVE-2021-31618

2021-06-15 09:15:07

veracode

Denial Of Service (DoS)

2021-06-13 08:39:49

Denial Of Service (DoS)

2021-06-11 22:48:50

Denial Of Service(DoS)

2021-06-13 10:29:41

prion

Stack overflow

2021-06-10 07:15:00

Null pointer dereference

2021-06-10 07:15:00

Null pointer dereference

2021-06-15 09:15:00

cvelist

CVE-2020-35452 mod_auth_digest possible stack overflow by one nul byte

2021-06-10 07:10:21

CVE-2021-31618 NULL pointer dereference on specially crafted HTTP/2 request

2021-06-15 00:00:00

CVE-2020-13950 mod_proxy_http NULL pointer dereference

2021-06-10 07:10:21

httpd

Apache Httpd < 2.4.48 : mod_auth_digest possible stack overflow by one nul byte

2020-11-11 00:00:00

Apache Httpd < 2.4.48 : NULL pointer dereference on specially crafted HTTP/2 request

2021-04-22 00:00:00

Apache Httpd < 2.4.48 : Unexpected URL matching with 'MergeSlashes OFF'

2021-04-14 00:00:00

redhatcve

CVE-2020-13950

2021-06-08 03:49:50

CVE-2021-31618

2021-06-04 18:12:55

CVE-2021-26690

2021-06-07 06:12:59

archlinux

[ASA-202106-23] apache: denial of service

2021-06-09 00:00:00

cve

CVE-2021-31618

2021-06-15 09:15:07

CVE-2021-26690

2021-06-10 07:15:07

CVE-2020-35452

2021-06-10 07:15:07

K38453823 : Apache vulnerability CVE-2021-31618

2021-06-23 00:00:00

K87323016 : Apache mod_proxy vulnerability CVE-2020-13950

2022-05-17 00:00:00

K13815051 : Apache vulnerability CVE-2021-30641

2021-07-09 00:00:00

debiancve

CVE-2021-31618

2021-06-15 09:15:07

CVE-2020-13950

2021-06-10 07:15:07

vulnrichment

CVE-2021-31618 NULL pointer dereference on specially crafted HTTP/2 request

2021-06-15 00:00:00

ubuntucve

CVE-2021-31618

2021-06-15 00:00:00

CVE-2020-35452

2021-06-10 00:00:00

cloudlinux

Fix of CVE: CVE-2020-35452

2021-09-28 14:25:08

Fix of CVE: CVE-2020-35452

2021-10-07 10:12:23

cnvd

Apache HTTP Server Stack Overflow Vulnerability

2021-06-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.706 High

EPSS

Percentile

98.1%

JSON

Related for OPENSUSE-SU-2021:0908-1