apache http server 2.2.18 vulnerabilities and exploits

(subscribe to this query)

NA

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a...

Apache Http Server 2.2.21 Apache Http Server 2.2.17 Apache Http Server 2.2.18 Apache Http Server 2.2.19 Apache Http Server 2.2.202 Github repositories available

NA

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request....

Apache Http Server 2.2.18 Apache Http Server 2.2.19 Apache Http Server 2.2.12 Apache Http Server 2.2.13 Apache Http Server 2.2.20 Apache Http Server 2.2.21 Apache Http Server 2.2.14 Apache Http Server 2.2.15 Apache Http Server 2.2.16 Apache Http Server 2.2.172 Github repositories available

NA

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns,...

Apache Apr-util 1.4.3 Apache Http Server 2.2.18 Apache Apr-util 1.4.42 Github repositories available

NA

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject...

NA

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor....

Apache Http Server 2.4.2 Apache Http Server 2.4.3 Apache Http Server -Apache Http Server 2.2.6 Apache Http Server 2.2.14 Apache Http Server 2.2.15 Apache Http Server 2.2.22 Apache Http Server 2.2.23 Apache Http Server Apache Http Server 2.4.7 Apache Http Server 2.2.0 Apache Http Server 2.2.10 Apache Http Server 2.2.11 Apache Http Server 2.2.18 Apache Http Server 2.2.19 Apache Http Server 2.2.26 Apache Http Server 2.2.27 Apache Http Server 2.4.8 Apache Http Server 2.4.1 Apache Http Server 2.2.2 Apache Http Server 2.2.3 Apache Http Server 2.2.4 Apache Http Server 2.2.12 Apache Http Server 2.2.13 Apache Http Server 2.2.20 Apache Http Server 2.2.21 Apache Http Server 2.4.4 Apache Http Server 2.4.6 Apache Http Server 2.2.8 Apache Http Server 2.2.9 Apache Http Server 2.2.16 Apache Http Server 2.2.17 Apache Http Server 2.2.24 Apache Http Server 2.2.2512 Github repositories available

9.8

CVSSv3

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port....

Apache Http Server 2.2.2 Apache Http Server 2.2.3 Apache Http Server 2.2.17 Apache Http Server 2.2.18 Apache Http Server 2.2.26 Apache Http Server 2.2.27 Apache Http Server 2.4.10 Apache Http Server 2.4.12 Apache Http Server 2.2.11 Apache Http Server 2.2.12 Apache Http Server 2.2.19 Apache Http Server 2.2.20 Apache Http Server 2.2.29 Apache Http Server 2.2.30 Apache Http Server 2.4.16 Apache Http Server 2.4.17 Apache Http Server 2.2.13 Apache Http Server 2.2.14 Apache Http Server 2.2.21 Apache Http Server 2.2.22 Apache Http Server 2.2.31 Apache Http Server 2.2.32 Apache Http Server 2.4.18 Apache Http Server 2.4.20 Apache Http Server 2.2.0 Apache Http Server 2.2.15 Apache Http Server 2.2.16 Apache Http Server 2.2.23 Apache Http Server 2.2.24 Apache Http Server 2.2.25 Apache Http Server 2.4.1 Apache Http Server 2.4.2 Apache Http Server 2.4.23 Apache Http Server 2.4.2513 Github repositories available

6.1

CVSSv3

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache...

Apache Http Server 2.2.3 Apache Http Server 2.2.4 Apache Http Server 2.2.14 Apache Http Server 2.2.15 Apache Http Server 2.2.22 Apache Http Server 2.2.23 Apache Http Server 2.4.23 Apache Http Server 2.4.20 Apache Http Server 2.4.18 Apache Http Server 2.4.6 Apache Http Server 2.4.4 Apache Http Server 2.2.10 Apache Http Server 2.2.11 Apache Http Server 2.2.18 Apache Http Server 2.2.19 Apache Http Server 2.2.26 Apache Http Server 2.2.27 Apache Http Server 2.4.12 Apache Http Server 2.4.10 Apache Http Server 2.4.1 Apache Http Server 2.2.6 Apache Http Server 2.2.8 Apache Http Server 2.2.9 Apache Http Server 2.2.16 Apache Http Server 2.2.17 Apache Http Server 2.2.24 Apache Http Server 2.2.25 Apache Http Server 2.4.17 Apache Http Server 2.4.16 Apache Http Server 2.4.3 Apache Http Server 2.4.2 Apache Http Server 2.2.0 Apache Http Server 2.2.2 Apache Http Server 2.2.12 Apache Http Server 2.2.13 Apache Http Server 2.2.20 Apache Http Server 2.2.21 Apache Http Server 2.2.29 Apache Http Server 2.2.31 Apache Http Server 2.4.9 Apache Http Server 2.4.712 Github repositories available

NA

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or...

NA

Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3)...

NA

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory...

Apache Http Server 2.0.55 Apache Http Server 2.0.54 Apache Http Server 2.0.46 Apache Http Server 2.0.49 Apache Http Server 2.0.63 Apache Http Server 2.0.9 Apache Http Server 2.0.35 Apache Http Server 2.0.34 Apache Http Server 2.0.37 Apache Http Server 2.0.57 Apache Http Server 2.0.56 Apache Http Server 2.0.51 Apache Http Server 2.0.48 Apache Http Server 2.0.43 Apache Http Server 2.0.60 Apache Http Server 2.0 Apache Http Server 2.0.36 Apache Http Server 2.0.39 Apache Http Server 2.0.50 Apache Http Server 2.0.53 Apache Http Server 2.0.42 Apache Http Server 2.0.45 Apache Http Server 2.0.28 Apache Http Server 2.0.38 Apache Http Server 2.0.41 Apache Http Server 2.0.61 Apache Http Server 2.0.58 Apache Http Server 2.0.52 Apache Http Server 2.0.47 Apache Http Server 2.0.44 Apache Http Server 2.0.59 Apache Http Server 2.0.32 Apache Http Server 2.0.40 Apache Http Server 2.0.64 Apache Http Server 2.2.1 Apache Http Server 2.2.3 Apache Http Server 2.2.12 Apache Http Server 2.2.19 Apache Http Server 2.2.6 Apache Http Server 2.2.11 Apache Http Server 2.2.0 Apache Http Server 2.2.16 Apache Http Server 2.2.21 Apache Http Server 2.2.9 Apache Http Server 2.2.10 Apache Http Server 2.2.15 Apache Http Server 2.2.2 Apache Http Server 2.2.20 Apache Http Server 2.2.8 Apache Http Server 2.2.13 Apache Http Server 2.2.4 Apache Http Server 2.2.18 Apache Http Server 2.2.141 EDB exploit available10 Github repositories available

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook