apache http server 2.2.22 vulnerabilities and exploits

(subscribe to this query)

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject...

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor....

Apache Http Server 2.4.2 Apache Http Server 2.4.3 Apache Http Server -Apache Http Server 2.2.6 Apache Http Server 2.2.14 Apache Http Server 2.2.15 Apache Http Server 2.2.22 Apache Http Server 2.2.23 Apache Http Server Apache Http Server 2.4.7 Apache Http Server 2.2.0 Apache Http Server 2.2.10 Apache Http Server 2.2.11 Apache Http Server 2.2.18 Apache Http Server 2.2.19 Apache Http Server 2.2.26 Apache Http Server 2.2.27 Apache Http Server 2.4.8 Apache Http Server 2.4.1 Apache Http Server 2.2.2 Apache Http Server 2.2.3 Apache Http Server 2.2.4 Apache Http Server 2.2.12 Apache Http Server 2.2.13 Apache Http Server 2.2.20 Apache Http Server 2.2.21 Apache Http Server 2.4.4 Apache Http Server 2.4.6 Apache Http Server 2.2.8 Apache Http Server 2.2.9 Apache Http Server 2.2.16 Apache Http Server 2.2.17 Apache Http Server 2.2.24 Apache Http Server 2.2.2512 Github repositories available

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or...

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port....

Apache Http Server 2.2.2 Apache Http Server 2.2.3 Apache Http Server 2.2.17 Apache Http Server 2.2.18 Apache Http Server 2.2.26 Apache Http Server 2.2.27 Apache Http Server 2.4.10 Apache Http Server 2.4.12 Apache Http Server 2.2.11 Apache Http Server 2.2.12 Apache Http Server 2.2.19 Apache Http Server 2.2.20 Apache Http Server 2.2.29 Apache Http Server 2.2.30 Apache Http Server 2.4.16 Apache Http Server 2.4.17 Apache Http Server 2.2.13 Apache Http Server 2.2.14 Apache Http Server 2.2.21 Apache Http Server 2.2.22 Apache Http Server 2.2.31 Apache Http Server 2.2.32 Apache Http Server 2.4.18 Apache Http Server 2.4.20 Apache Http Server 2.2.0 Apache Http Server 2.2.15 Apache Http Server 2.2.16 Apache Http Server 2.2.23 Apache Http Server 2.2.24 Apache Http Server 2.2.25 Apache Http Server 2.4.1 Apache Http Server 2.4.2 Apache Http Server 2.4.23 Apache Http Server 2.4.2513 Github repositories available

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache...

Apache Http Server 2.2.3 Apache Http Server 2.2.4 Apache Http Server 2.2.14 Apache Http Server 2.2.15 Apache Http Server 2.2.22 Apache Http Server 2.2.23 Apache Http Server 2.4.23 Apache Http Server 2.4.20 Apache Http Server 2.4.18 Apache Http Server 2.4.6 Apache Http Server 2.4.4 Apache Http Server 2.2.10 Apache Http Server 2.2.11 Apache Http Server 2.2.18 Apache Http Server 2.2.19 Apache Http Server 2.2.26 Apache Http Server 2.2.27 Apache Http Server 2.4.12 Apache Http Server 2.4.10 Apache Http Server 2.4.1 Apache Http Server 2.2.6 Apache Http Server 2.2.8 Apache Http Server 2.2.9 Apache Http Server 2.2.16 Apache Http Server 2.2.17 Apache Http Server 2.2.24 Apache Http Server 2.2.25 Apache Http Server 2.4.17 Apache Http Server 2.4.16 Apache Http Server 2.4.3 Apache Http Server 2.4.2 Apache Http Server 2.2.0 Apache Http Server 2.2.2 Apache Http Server 2.2.12 Apache Http Server 2.2.13 Apache Http Server 2.2.20 Apache Http Server 2.2.21 Apache Http Server 2.2.29 Apache Http Server 2.2.31 Apache Http Server 2.4.9 Apache Http Server 2.4.712 Github repositories available

Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3)...

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue...

Apache Http Server 2.2.0 Apache Http Server 2.2.2 Apache Http Server 2.2.3 Apache Http Server 2.2.4 Apache Http Server 2.2.5 Apache Http Server 2.2.6 Apache Http Server 2.2.8 Apache Http Server 2.2.9 Apache Http Server 2.2.10 Apache Http Server 2.2.11 Apache Http Server 2.2.12 Apache Http Server 2.2.13 Apache Http Server 2.2.14 Apache Http Server 2.2.15 Apache Http Server 2.2.16 Apache Http Server 2.2.17 Apache Http Server 2.2.18 Apache Http Server 2.2.19 Apache Http Server 2.2.20 Apache Http Server 2.2.21 Apache Http Server 2.2.22 Apache Http Server 2.2.23 Apache Http Server 2.2.24 Apache Http Server 2.2.25 Apache Http Server 2.2.26 Apache Http Server 2.2.27 Apache Http Server 2.4.1 Apache Http Server 2.4.2 Apache Http Server 2.4.3 Apache Http Server 2.4.4 Apache Http Server 2.4.6 Apache Http Server 2.4.7 Apache Http Server 2.4.9 Apache Http Server 2.4.10 Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Eus 7.3 Redhat Enterprise Linux Eus 7.4 Redhat Enterprise Linux Eus 7.5 Redhat Enterprise Linux Eus 7.6 Redhat Enterprise Linux Eus 7.7 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux Server Aus 7.3 Redhat Enterprise Linux Server Aus 7.4 Redhat Enterprise Linux Server Aus 7.6 Redhat Enterprise Linux Server Aus 7.7 Redhat Enterprise Linux Server Tus 7.3 Redhat Enterprise Linux Server Tus 7.6 Redhat Enterprise Linux Server Tus 7.7 Redhat Enterprise Linux Workstation 6.0 Redhat Enterprise Linux Workstation 7.0 Redhat Jboss Enterprise Web Server 3.0.0 Redhat Jboss Enterprise Web Server 2.0.0 Oracle Enterprise Manager Ops Center Oracle Enterprise Manager Ops Center 12.1.4 Oracle Enterprise Manager Ops Center 12.2.0 Oracle Enterprise Manager Ops Center 12.2.1 Oracle Enterprise Manager Ops Center 12.3.0 Oracle Http Server 10.1.3.5.0 Oracle Http Server 11.1.1.7.0 Oracle Http Server 12.1.2.0 Oracle Http Server 12.1.3.0 Oracle Linux 6 Oracle Solaris 11.2 Apple Mac Os X Apple Mac Os X Server Canonical Ubuntu Linux 10.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 14.104 Github repositories available

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain...

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct...

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook