Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache http server 1.4.0 vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2019-20445
HttpObjectDecoder.java in Netty prior to 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
Netty Netty
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Canonical Ubuntu Linux 18.04
Redhat Jboss Amq Clients 2
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Apache Spark 2.4.7
Apache Spark 2.4.8
7.5
CVSSv3
CVE-2017-7686
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where...
Apache Ignite 1.6.0
Apache Ignite 1.4.0
Apache Ignite 1.3.0
Apache Ignite 1.2.0
Apache Ignite 1.1.0
Apache Ignite 1.9.0
Apache Ignite 1.7.0
Apache Ignite 1.5.0
Apache Ignite 1.0.0
Apache Ignite 2.0.0
Apache Ignite 1.8.0
6.5
CVSSv3
CVE-2023-28484
In libxml2 prior to 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
Xmlsoft Libxml2
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2023-29469
An issue exists in libxml2 prior to 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an...
Xmlsoft Libxml2
Debian Debian Linux 10.0
1 Github repository
5.9
CVSSv3
CVE-2023-28321
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather t...
Haxx Curl
Debian Debian Linux 10.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Netapp Clustered Data Ontap -
Netapp Ontap Antivirus Connector -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Apple Macos
1 Github repository
5.3
CVSSv3
CVE-2018-8003
Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the ...
Apache Ambari
3.7
CVSSv3
CVE-2023-28322
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously ...
Haxx Curl
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Apple Macos
Netapp Clustered Data Ontap -
Netapp Ontap Antivirus Connector -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
1 Github repository
NA
CVE-2007-6750
The Apache HTTP Server 1.x and 2.x allows remote malicious users to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions prior to 2.2.15.
Apache Http Server 1.3.18
Apache Http Server 1.3.17
Apache Http Server 1.3.22
Apache Http Server 1.3.23
Apache Http Server 1.2
Apache Http Server 1.3.16
Apache Http Server 1.3.15
Apache Http Server 1.0.2
Apache Http Server 1.3.34
Apache Http Server 1.3.36
Apache Http Server 1.3.0
Apache Http Server 1.3.38
Apache Http Server 1.3.42
Apache Http Server 1.3.2
Apache Http Server 1.0
Apache Http Server 1.1
Apache Http Server 1.3.1
Apache Http Server 1.3.11
Apache Http Server 1.3.30
Apache Http Server 1.3.31
Apache Http Server 1.3.5
Apache Http Server 1.4.0
1 Nmap script
17 Github repositories
NA
CVE-2011-0715
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion prior to 1.6.16, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
Apache Subversion 1.0.1
Apache Subversion 0.36.0
Apache Subversion 1.0.9
Apache Subversion 1.0.6
Apache Subversion 1.2.1
Apache Subversion 1.2.0
Apache Subversion 1.1.4
Apache Subversion 1.4.0
Apache Subversion 0.18.1
Apache Subversion 0.18.0
Apache Subversion 0.22.2
Apache Subversion 0.28.1
Apache Subversion 0.28.0
Apache Subversion 0.34.0
Apache Subversion 0.33.1
Apache Subversion 1.5.0
Apache Subversion 1.5.3
Apache Subversion 1.6.3
Apache Subversion 1.6.2
Apache Subversion 0.9
Apache Subversion 0.8
Apache Subversion 0.15
NA
CVE-2010-4539
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion prior to 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking ...
Apache Subversion 1.2.0
Apache Subversion 1.0.4
Apache Subversion 1.6.10
Apache Subversion 0.22.0
Apache Subversion 1.0.8
Apache Subversion 1.4.5
Apache Subversion 1.0.2
Apache Subversion 1.1.2
Apache Subversion 0.26.0
Apache Subversion 0.10.1
Apache Subversion 0.15
Apache Subversion 1.0.9
Apache Subversion 1.4.2
Apache Subversion 0.37.0
Apache Subversion M2
Apache Subversion 1.6.2
Apache Subversion 0.9
Apache Subversion 0.7
Apache Subversion 0.19.0
Apache Subversion 0.22.2
Apache Subversion 0.12.0
Apache Subversion 1.5.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started