Apache CVEs Assigned in 2022 |
| CVE |
Affected Apache Versions |
Affected Module |
Article |
Affects ePO |
Reason ePO isn't Affected |
| CVE-2022-31813 |
2.4.53 and earlier |
mod_proxy |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2022-30556 |
2.4.53 and earlier |
mod_lua |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2022-30522 |
2.4.53 only |
mod_sed |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2022-29404 |
2.4.53 and earlier |
mod_lua |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2022-28330 |
2.4.53 and earlier |
mod_isapi |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2022-26377 |
2.4.53 and earlier |
mod_proxy_ajp |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2022-23943 |
2.4.52 and earlier |
mod_sed |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2022-22719 |
2.4.52 and earlier |
mod_lua |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
|
Apache CVEs Assigned in 2021
|
| CVE |
Affected Apache Versions |
Affected Module |
Article |
Affects ePO |
Reason ePO isn't Affected |
| CVE-2021-44224 |
2.4.7–2.4.51 |
mod_proxy |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2021-44790 |
2.4.51 and earlier |
mod_lua |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2021-42013 |
2.4.49 and 2.4.50 |
n/a |
KB94967 |
No |
ePO doesn't consume an affected version. |
| CVE-2021-41773 |
2.4.49 and 2.4.50 |
n/a |
No |
ePO doesn't consume an affected version. |
| CVE-2021-41524 |
2.4.49 |
n/a |
No |
ePO doesn't consume an affected version. |
| CVE-2021-40438 |
2.4.48 and earlier |
mod_proxy |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2021-39275 |
2.4.48 and earlier |
n/a |
n/a |
No |
ePO doesn't use any third-party modules and mostly uses the Apache default modules that aren't affected. ePO has some custom modules and handlers implemented that are specific to ePO. But, they don't pass untrusted data directly to the vulnerable function.
NOTE: Apache is upgraded to version 2.4.51 in ePO 5.10 Update 13. |
| CVE-2021-36160 |
2.4.30–2.4.48 |
mod_proxy_uwsgi |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2021-34798 |
2.4.48 and earlier |
n/a |
SB10379 |
Yes |
n/a |
| CVE-2021-33193 |
2.4.17–2.4.48 |
mod_proxy |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2021-31618 |
2.4.39–2.4.46 |
mod_http2 |
n/a |
No |
ePO doesn't consume an affected version, or load the affected module. |
| CVE-2021-30641 |
2.4.39–2.4.46 |
n/a |
n/a |
No |
ePO doesn't consume an affected version. |
| CVE-2021-26691 |
2.4.0– 2.4.46 |
mod_session |
KB95046 |
No |
ePO doesn't consume an affected version, or load the affected module. |
| CVE-2021-26690 |
2.4.0– 2.4.46 |
mod_session |
No |
ePO doesn't consume an affected version, or load the affected module. |
Apache CVEs Assigned in 2020 |
| CVE |
Affected Apache Versions |
Affected Module |
Article
|
Affects ePO |
Reason ePO isn't Affected |
| CVE-2020-35452 |
2.4.0–2.4.46 |
mod_auth_digest |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2020-13950 |
2.4.41–2.4.46 |
mod_proxy_http |
n/a |
No |
ePO doesn't consume an affected version or load the affected module. |
| CVE-2020-13938 |
2.4.0–2.4.46 |
n/a |
SB10379 |
Yes |
n/a |
| CVE-2020-11993 |
2.4.20–2.4.43 |
mod_http2 |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2020-11984 |
2.4.32–2.4.43 |
mod_proxy_uwsgi |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2020-9490 |
2.4.20–2.4.43 |
mod_http2 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2020-1934 |
2.4.0–2.4.41 |
mod_proxy_ftp |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2020-1927 |
2.4.0–2.4.41 |
mod_rewrite |
No |
ePO doesn't load the affected module for Apache. |
Apache CVEs Assigned in 2019 |
| CVE |
Affected Apache Versions |
Affected Module |
Article
|
Affects ePO |
Reason ePO isn't Affected |
| CVE-2019-17567 |
2.4.6– 2.4.46 |
mod_proxy_wstunnel |
KB82555 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2019-10098 |
2.4.0– 2.4.39 |
mod_rewrite |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2019-10097 |
2.4.33–2.4.38 |
mod_remoteip |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2019-10092 |
2.4.0–2.4.39 |
mod_proxy |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2019-10082 |
2.4.18–2.4.39 |
mod_http2 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2019-10081 |
2.4.20–2.4.39 |
mod_http2 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2019-9517 |
2.4.20–2.4.39 |
mod_http2 |
SB10296 |
No |
The security bulletin indicates that ePO isn't vulnerable, because ePO doesn't load the affected module for Apache. |
| CVE-2019-0220 |
2.4.0–2.4.38 |
n/a |
KB91440 |
No |
ePO isn't affected. |
| CVE-2019-0217 |
2.4.0–2.4.38 |
mod_auth_digest |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2019-0215 |
2.4.37–2.4.38 |
mod_ssl |
No |
ePO Apache doesn't support TLS1.3 yet. |
| CVE-2019-0211 |
2.4.17– 2.4.38 |
n/a |
No |
ePO is Windows only and this CVE affects only UNIX systems. |
| CVE-2019-0197 |
2.4.34–2.4.38 |
mod_http2 |
No |
ePO doesn't load the affected module for Apache. |
| CVE-2019-0196 |
2.4.17–2.4.38 |
mod_http2 |
No |
ePO doesn't load the affected module for Apache. |
