Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache http server 2.4.2 vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2012-3502
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows...
Apache Http Server 2.4.1Apache Http Server 2.4.0Apache Http Server 2.4.2
7.5
CVSSv3
CVE-2016-2161
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests....
Apache Http Server 2.4.1Apache Http Server 2.4.20Apache Http Server 2.4.6Apache Http Server 2.4.0Apache Http Server 2.4.12Apache Http Server 2.4.3Apache Http Server 2.4.23Apache Http Server 2.4.8Apache Http Server 2.4.10Apache Http Server 2.4.7Apache Http Server 2.4.14Apache Http Server 2.4.22Apache Http Server 2.4.2Apache Http Server 2.4.19Apache Http Server 2.4.16Apache Http Server 2.4.9Apache Http Server 2.4.21
7.5
CVSSv3
CVE-2016-0736
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it...
Apache Http Server 2.4.1Apache Http Server 2.4.20Apache Http Server 2.4.6Apache Http Server 2.4.0Apache Http Server 2.4.12Apache Http Server 2.4.3Apache Http Server 2.4.23Apache Http Server 2.4.8Apache Http Server 2.4.10Apache Http Server 2.4.7Apache Http Server 2.4.14Apache Http Server 2.4.22Apache Http Server 2.4.2Apache Http Server 2.4.19Apache Http Server 2.4.16Apache Http Server 2.4.9Apache Http Server 2.4.21
NA
CVE-2012-2687
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or...
Apache Http Server 2.2.23Apache Http Server 2.4.1Apache Http Server 2.2.11Apache Http Server 2.2.0Apache Http Server 2.2.10Apache Http Server 2.2.13Apache Http Server 2.2.2Apache Http Server 2.4.0Apache Http Server 2.2.4Apache Http Server 2.2.17Apache Http Server 2.2.16Apache Http Server 2.2.21Apache Http Server 2.2.8Apache Http Server 2.2.14Apache Http Server 2.2.6Apache Http Server 2.2.22Apache Http Server 2.2.19Apache Http Server 2.2.9Apache Http Server 2.2.18Apache Http Server 2.2.12Apache Http Server 2.2.3Apache Http Server 2.4.2Apache Http Server 2.2.15Apache Http Server 2.2.20Apache Http Server 2.2.1
NA
CVE-2012-4558
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject...
Apache Http Server 2.2.23Apache Http Server 2.2Apache Http Server 2.2.11Apache Http Server 2.2.0Apache Http Server 2.2.10Apache Http Server 2.2.13Apache Http Server 2.2.2Apache Http Server 2.2.4Apache Http Server 2.2.17Apache Http Server 2.2.16Apache Http Server 2.2.21Apache Http Server 2.2.8Apache Http Server 2.2.14Apache Http Server 2.2.6Apache Http Server 2.2.22Apache Http Server 2.2.19Apache Http Server 2.2.9Apache Http Server 2.2.18Apache Http Server 2.2.12Apache Http Server 2.2.3Apache Http Server 2.2.15Apache Http Server 2.2.20Apache Http Server 2.2.1Apache Http Server 2.4.1Apache Http Server 2.4.0Apache Http Server 2.4.3Apache Http Server 2.4.2
7.5
CVSSv3
CVE-2017-9798
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through...
Apache Http Server 2.4.1Apache Http Server 2.4.20Apache Http Server 2.4.6Apache Http Server 2.4.0Apache Http Server 2.4.12Apache Http Server 2.4.3Apache Http Server 2.4.23Apache Http Server 2.4.4Apache Http Server 2.4.10Apache Http Server 2.4.7Apache Http Server 2.4.25Apache Http Server 2.4.26Apache Http Server 2.4.18Apache Http Server 2.4.2Apache Http Server 2.4.17Apache Http Server 2.4.16Apache Http Server 2.4.9Apache Http Server 2.4.27Apache Http ServerDebian Debian Linux 8.0Debian Debian Linux 7.0Debian Debian Linux 9.0
NA
CVE-2012-3499
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3)...
Apache Http Server 2.2.23Apache Http Server 2.2Apache Http Server 2.2.11Apache Http Server 2.2.0Apache Http Server 2.2.10Apache Http Server 2.2.13Apache Http Server 2.2.2Apache Http Server 2.2.4Apache Http Server 2.2.17Apache Http Server 2.2.16Apache Http Server 2.2.21Apache Http Server 2.2.8Apache Http Server 2.2.14Apache Http Server 2.2.6Apache Http Server 2.2.22Apache Http Server 2.2.19Apache Http Server 2.2.9Apache Http Server 2.2.18Apache Http Server 2.2.12Apache Http Server 2.2.3Apache Http Server 2.2.15Apache Http Server 2.2.20Apache Http Server 2.2.1Apache Http Server 2.4.1Apache Http Server 2.4.0Apache Http Server 2.4.3Apache Http Server 2.4.2
6.1
CVSSv3
CVE-2016-4975
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache...
Apache Http Server 2.2.23Apache Http Server 2.4.1Apache Http Server 2.4.20Apache Http Server 2.2.11Apache Http Server 2.2.0Apache Http Server 2.2.31Apache Http Server 2.2.10Apache Http Server 2.4.6Apache Http Server 2.2.13Apache Http Server 2.2.2Apache Http Server 2.4.12Apache Http Server 2.2.4Apache Http Server 2.2.17Apache Http Server 2.2.16Apache Http Server 2.2.21Apache Http Server 2.4.3Apache Http Server 2.4.23Apache Http Server 2.2.8Apache Http Server 2.4.4Apache Http Server 2.4.10Apache Http Server 2.4.7Apache Http Server 2.2.14Apache Http Server 2.2.24Apache Http Server 2.2.25Apache Http Server 2.2.6Apache Http Server 2.2.22Apache Http Server 2.2.19Apache Http Server 2.2.27Apache Http Server 2.2.9Apache Http Server 2.4.18Apache Http Server 2.2.18Apache Http Server 2.2.12Apache Http Server 2.2.29Apache Http Server 2.2.3Apache Http Server 2.4.2Apache Http Server 2.2.15Apache Http Server 2.2.20Apache Http Server 2.4.17Apache Http Server 2.4.16Apache Http Server 2.4.9Apache Http Server 2.2.26
9.8
CVSSv3
CVE-2017-3169
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port....
Apache Http Server 2.2.23Apache Http Server 2.4.1Apache Http Server 2.4.20Apache Http Server 2.2.11Apache Http Server 2.2.0Apache Http Server 2.2.31Apache Http Server 2.2.13Apache Http Server 2.2.2Apache Http Server 2.4.12Apache Http Server 2.2.17Apache Http Server 2.2.16Apache Http Server 2.2.21Apache Http Server 2.4.23Apache Http Server 2.4.10Apache Http Server 2.2.14Apache Http Server 2.2.24Apache Http Server 2.2.25Apache Http Server 2.2.30Apache Http Server 2.2.22Apache Http Server 2.2.19Apache Http Server 2.2.27Apache Http Server 2.4.25Apache Http Server 2.4.18Apache Http Server 2.2.18Apache Http Server 2.2.12Apache Http Server 2.2.32Apache Http Server 2.2.29Apache Http Server 2.2.3Apache Http Server 2.4.2Apache Http Server 2.2.15Apache Http Server 2.2.20Apache Http Server 2.4.17Apache Http Server 2.4.16Apache Http Server 2.2.26
NA
CVE-2015-3185
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended...
Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.04Apache Http Server 2.4.1Apache Http Server 2.4.6Apache Http Server 2.4.0Apache Http Server 2.4.12Apache Http Server 2.4.3Apache Http Server 2.4.8Apache Http Server 2.4.4Apache Http Server 2.4.10Apache Http Server 2.4.7Apache Http Server 2.4.13Apache Http Server 2.4.2Apache Http Server 2.4.9Apple Mac Os X 10.10.4Apple Xcode 7.0Apple Mac Os X Server 5.0.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-6527elevation of privilegeCVE-2023-26360CVE-2023-40053dosunprivilegedCVE-2022-24403CVE-2023-42916CVE-2023-49447
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook