Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache http server 2.2.8 vulnerabilities and exploits

(subscribe to this query)

5
CVSSv2
CVE-2008-2364
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a...
Apache Http Server 2.0.63Apache Http Server 2.2.8
5
CVSSv2
CVE-2010-0408
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server...
Apache Http Server -Apache Http Server 2.2Apache Http Server 2.2.0Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.11Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.14
4.9
CVSSv2
CVE-2009-1195
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a...
Apache Http Server -Apache Http Server 2.2Apache Http Server 2.2.0Apache Http Server 2.2.1Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6Apache Http Server 2.2.7Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.10Apache Http Server
4.3
CVSSv2
CVE-2010-0434
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote...
Apache Http Server -Apache Http Server 2.2Apache Http Server 2.2.0Apache Http Server 2.2.1Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.11Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.14
5
CVSSv2
CVE-2010-1452
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path....
Apache Http Server -Apache Http Server 2.2Apache Http Server 2.2.0Apache Http Server 2.2.1Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6Apache Http Server 2.2.7Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.10Apache Http Server 2.2.11Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.14Apache Http Server 2.2.15
5.1
CVSSv2
CVE-2013-1862
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a...
Apache Http Server 2.2Apache Http Server 2.2.0Apache Http Server 2.2.1Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.10Apache Http Server 2.2.11Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.14Apache Http Server 2.2.15Apache Http Server 2.2.16Apache Http Server 2.2.17Apache Http Server 2.2.18Apache Http Server 2.2.19Apache Http Server 2.2.20Apache Http Server 2.2.21Apache Http Server 2.2.22Apache Http Server 2.2.23Apache Http Server 2.2.24
4.3
CVSSv2
CVE-2012-4558
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject...
Apache Http Server 2.2Apache Http Server 2.2.0Apache Http Server 2.2.1Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.10Apache Http Server 2.2.11Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.14Apache Http Server 2.2.15Apache Http Server 2.2.16Apache Http Server 2.2.17Apache Http Server 2.2.18Apache Http Server 2.2.19Apache Http Server 2.2.20Apache Http Server 2.2.21Apache Http Server 2.2.22Apache Http Server 2.2.23Apache Http Server 2.4.0Apache Http Server 2.4.1Apache Http Server 2.4.2Apache Http Server 2.4.3
5
CVSSv2
CVE-2014-0231
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor....
Apache Http Server -Apache Http Server 2.2.0Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.10Apache Http Server 2.2.11Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.14Apache Http Server 2.2.15Apache Http Server 2.2.16Apache Http Server 2.2.17Apache Http Server 2.2.18Apache Http Server 2.2.19Apache Http Server 2.2.20Apache Http Server 2.2.21Apache Http Server 2.2.22Apache Http Server 2.2.23Apache Http Server 2.2.24Apache Http Server 2.2.25Apache Http Server 2.2.26Apache Http Server 2.2.27Apache Http Server 2.4.1Apache Http Server 2.4.2Apache Http Server 2.4.3Apache Http Server 2.4.4Apache Http Server 2.4.6Apache Http Server 2.4.7Apache Http Server 2.4.8Apache Http Server
4.3
CVSSv2
CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2)...
Apache Http Server 2.2Apache Http Server 2.2.0Apache Http Server 2.2.1Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.10Apache Http Server 2.2.11Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.14Apache Http Server 2.2.15Apache Http Server 2.2.16Apache Http Server 2.2.17Apache Http Server 2.2.18Apache Http Server 2.2.19Apache Http Server 2.2.20Apache Http Server 2.2.21
2.6
CVSSv2
CVE-2012-2687
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or...
Apache Http Server 2.2.0Apache Http Server 2.2.1Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.10Apache Http Server 2.2.11Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.14Apache Http Server 2.2.15Apache Http Server 2.2.16Apache Http Server 2.2.17Apache Http Server 2.2.18Apache Http Server 2.2.19Apache Http Server 2.2.20Apache Http Server 2.2.21Apache Http Server 2.2.22Apache Http Server 2.2.23Apache Http Server 2.4.0Apache Http Server 2.4.1Apache Http Server 2.4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-22183CVE-2021-25252CVE-2021-21972CVE-2021-26858information disclosureCVE-2021-22182gitlabCVE-2020-29047privilegetemplate injection