Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache http server 2.4.1 vulnerabilities and exploits

(subscribe to this query)

4.3
CVSSv2
CVE-2012-3502
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows...
Apache Http Server 2.4.0Apache Http Server 2.4.1Apache Http Server 2.4.2
4.3
CVSSv2
CVE-2014-0118
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses...
Apache Http Server 2.4.1Apache Http Server 2.4.2Apache Http Server 2.4.3Apache Http Server 2.4.4Apache Http Server 2.4.6Apache Http Server 2.4.7Apache Http Server 2.4.8Apache Http Server
6.8
CVSSv2
CVE-2014-0226
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers...
Apache Http Server 2.4.1Apache Http Server 2.4.2Apache Http Server 2.4.3Apache Http Server 2.4.4Apache Http Server 2.4.6Apache Http Server 2.4.7Apache Http Server 2.4.8Apache Http Server
5
CVSSv2
CVE-2016-8743
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or...
Apache Http Server 2.4.1Apache Http Server 2.4.2Apache Http Server 2.4.3Apache Http Server 2.4.4Apache Http Server 2.4.6Apache Http Server 2.4.7Apache Http Server 2.4.9Apache Http Server 2.4.10Apache Http Server 2.4.12Apache Http Server 2.4.16Apache Http Server 2.4.17Apache Http Server 2.4.18Apache Http Server 2.4.20Apache Http Server 2.4.23
5
CVSSv2
CVE-2014-3581
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header....
Apache Apache Http Server 2.4.0Apache Apache Http Server 2.4.1Apache Apache Http Server 2.4.2Apache Apache Http Server 2.4.3Apache Apache Http Server 2.4.4Apache Apache Http Server 2.4.5Apache Apache Http Server 2.4.6Apache Apache Http Server 2.4.7Apache Apache Http Server 2.4.8Apache Apache Http Server 2.4.9Apache Apache Http Server
4.3
CVSSv2
CVE-2012-4558
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject...
Apache Http Server 2.2Apache Http Server 2.2.0Apache Http Server 2.2.1Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.10Apache Http Server 2.2.11Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.14Apache Http Server 2.2.15Apache Http Server 2.2.16Apache Http Server 2.2.17Apache Http Server 2.2.18Apache Http Server 2.2.19Apache Http Server 2.2.20Apache Http Server 2.2.21Apache Http Server 2.2.22Apache Http Server 2.2.23Apache Http Server 2.4.0Apache Http Server 2.4.1Apache Http Server 2.4.2Apache Http Server 2.4.3
5
CVSSv2
CVE-2017-9798
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through...
Apache Http ServerApache Http Server 2.4.0Apache Http Server 2.4.1Apache Http Server 2.4.2Apache Http Server 2.4.3Apache Http Server 2.4.4Apache Http Server 2.4.6Apache Http Server 2.4.7Apache Http Server 2.4.9Apache Http Server 2.4.10Apache Http Server 2.4.12Apache Http Server 2.4.16Apache Http Server 2.4.17Apache Http Server 2.4.18Apache Http Server 2.4.20Apache Http Server 2.4.23Apache Http Server 2.4.25Apache Http Server 2.4.26Apache Http Server 2.4.27Debian Debian Linux 7.0Debian Debian Linux 8.0Debian Debian Linux 9.0
5
CVSSv2
CVE-2014-0231
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor....
Apache Http Server -Apache Http Server 2.2.0Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.10Apache Http Server 2.2.11Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.14Apache Http Server 2.2.15Apache Http Server 2.2.16Apache Http Server 2.2.17Apache Http Server 2.2.18Apache Http Server 2.2.19Apache Http Server 2.2.20Apache Http Server 2.2.21Apache Http Server 2.2.22Apache Http Server 2.2.23Apache Http Server 2.2.24Apache Http Server 2.2.25Apache Http Server 2.2.26Apache Http Server 2.2.27Apache Http Server 2.4.1Apache Http Server 2.4.2Apache Http Server 2.4.3Apache Http Server 2.4.4Apache Http Server 2.4.6Apache Http Server 2.4.7Apache Http Server 2.4.8Apache Http Server
5
CVSSv2
CVE-2016-2161
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests....
Apache Http Server 2.4.0Apache Http Server 2.4.1Apache Http Server 2.4.2Apache Http Server 2.4.3Apache Http Server 2.4.6Apache Http Server 2.4.7Apache Http Server 2.4.8Apache Http Server 2.4.9Apache Http Server 2.4.10Apache Http Server 2.4.12Apache Http Server 2.4.14Apache Http Server 2.4.16Apache Http Server 2.4.19Apache Http Server 2.4.20Apache Http Server 2.4.21Apache Http Server 2.4.22Apache Http Server 2.4.23
5
CVSSv2
CVE-2016-0736
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it...
Apache Http Server 2.4.0Apache Http Server 2.4.1Apache Http Server 2.4.2Apache Http Server 2.4.3Apache Http Server 2.4.6Apache Http Server 2.4.7Apache Http Server 2.4.8Apache Http Server 2.4.9Apache Http Server 2.4.10Apache Http Server 2.4.12Apache Http Server 2.4.14Apache Http Server 2.4.16Apache Http Server 2.4.19Apache Http Server 2.4.20Apache Http Server 2.4.21Apache Http Server 2.4.22Apache Http Server 2.4.23
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
arbitrary codeCVE-2020-36079microfocusCVE-2021-26561CVE-2021-21972NULL pointer dereferenceCVE-2021-25281deserializationsolutions business managerCVE-2020-28243CVE-2020-27618