Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache http server 2.4.9 vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2022-40674
libexpat prior to 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2022-43680
In libexpat up to and including 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Netapp Oncommand Workflow Automation -
Netapp Solidfire \\& Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Hci Compute Node Firmware -
7.5
CVSSv3
CVE-2021-32785
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions before 2.4.9 are configured to use an unencrypted R...
Openidc Mod Auth Openidc
Netapp Cloud Backup -
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2016-2161
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
Apache Http Server 2.4.1
Apache Http Server 2.4.20
Apache Http Server 2.4.6
Apache Http Server 2.4.0
Apache Http Server 2.4.12
Apache Http Server 2.4.3
Apache Http Server 2.4.23
Apache Http Server 2.4.8
Apache Http Server 2.4.10
Apache Http Server 2.4.7
Apache Http Server 2.4.14
Apache Http Server 2.4.22
Apache Http Server 2.4.2
Apache Http Server 2.4.19
Apache Http Server 2.4.16
Apache Http Server 2.4.9
Apache Http Server 2.4.21
7.5
CVSSv3
CVE-2016-0736
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnera...
Apache Http Server 2.4.1
Apache Http Server 2.4.20
Apache Http Server 2.4.6
Apache Http Server 2.4.0
Apache Http Server 2.4.12
Apache Http Server 2.4.3
Apache Http Server 2.4.23
Apache Http Server 2.4.8
Apache Http Server 2.4.10
Apache Http Server 2.4.7
Apache Http Server 2.4.14
Apache Http Server 2.4.22
Apache Http Server 2.4.2
Apache Http Server 2.4.19
Apache Http Server 2.4.16
Apache Http Server 2.4.9
Apache Http Server 2.4.21
1 EDB exploit
6.1
CVSSv3
CVE-2021-32792
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when us...
Openidc Mod Auth Openidc
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.1
CVSSv3
CVE-2021-32786
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions before 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the s...
Openidc Mod Auth Openidc
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5.9
CVSSv3
CVE-2021-32791
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openi...
Openidc Mod Auth Openidc
Fedoraproject Fedora 33
Fedoraproject Fedora 34
NA
CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x up to and including 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote malicious user...
Apache Http Server 2.4.1
Apache Http Server 2.4.6
Apache Http Server 2.4.3
Apache Http Server 2.4.4
Apache Http Server 2.4.10
Apache Http Server 2.4.7
Apache Http Server 2.4.2
Apache Http Server 2.4.9
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Fedoraproject Fedora 21
Oracle Enterprise Manager Ops Center 12.2.1
Oracle Enterprise Manager Ops Center 12.3.0
Oracle Enterprise Manager Ops Center 12.2.0
Oracle Enterprise Manager Ops Center
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started