Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache http server 2.4.7 vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2014-0117
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header....
Apache Http Server 2.4.6Apache Http Server 2.4.9Apache Http Server 2.4.7Apache Http Server 2.4.8Apple Mac Os X
7.5
CVSSv3
CVE-2016-0736
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it...
Apache Http Server 2.4.0Apache Http Server 2.4.1Apache Http Server 2.4.10Apache Http Server 2.4.12Apache Http Server 2.4.6Apache Http Server 2.4.7Apache Http Server 2.4.20Apache Http Server 2.4.21Apache Http Server 2.4.8Apache Http Server 2.4.9Apache Http Server 2.4.22Apache Http Server 2.4.23Apache Http Server 2.4.2Apache Http Server 2.4.3Apache Http Server 2.4.14Apache Http Server 2.4.16Apache Http Server 2.4.19
7.5
CVSSv3
CVE-2016-2161
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests....
Apache Http Server 2.4.23Apache Http Server 2.4.12Apache Http Server 2.4.10Apache Http Server 2.4.0Apache Http Server 2.4.16Apache Http Server 2.4.14Apache Http Server 2.4.3Apache Http Server 2.4.2Apache Http Server 2.4.1Apache Http Server 2.4.22Apache Http Server 2.4.21Apache Http Server 2.4.9Apache Http Server 2.4.8Apache Http Server 2.4.20Apache Http Server 2.4.19Apache Http Server 2.4.7Apache Http Server 2.4.6
7.5
CVSSv3
CVE-2017-9798
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through...
Apache Http Server 2.4.0Apache Http Server 2.4.9Apache Http Server 2.4.10Apache Http Server 2.4.26Apache Http Server 2.4.27Apache Http Server 2.4.6Apache Http Server 2.4.7Apache Http Server 2.4.23Apache Http Server 2.4.25Apache Http Server 2.4.3Apache Http Server 2.4.4Apache Http Server 2.4.17Apache Http Server 2.4.18Apache Http Server 2.4.20Apache Http Server 2.4.1Apache Http Server 2.4.2Apache Http Server 2.4.12Apache Http Server 2.4.16Apache Http ServerDebian Debian Linux 7.0Debian Debian Linux 9.0Debian Debian Linux 8.0
NA
CVE-2014-0231
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor....
Apache Http Server 2.4.2Apache Http Server 2.4.3Apache Http Server -Apache Http Server 2.2.6Apache Http Server 2.2.14Apache Http Server 2.2.15Apache Http Server 2.2.22Apache Http Server 2.2.23Apache Http ServerApache Http Server 2.4.7Apache Http Server 2.2.0Apache Http Server 2.2.10Apache Http Server 2.2.11Apache Http Server 2.2.18Apache Http Server 2.2.19Apache Http Server 2.2.26Apache Http Server 2.2.27Apache Http Server 2.4.8Apache Http Server 2.4.1Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.20Apache Http Server 2.2.21Apache Http Server 2.4.4Apache Http Server 2.4.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.16Apache Http Server 2.2.17Apache Http Server 2.2.24Apache Http Server 2.2.25
6.1
CVSSv3
CVE-2016-4975
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache...
Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.14Apache Http Server 2.2.15Apache Http Server 2.2.22Apache Http Server 2.2.23Apache Http Server 2.4.23Apache Http Server 2.4.20Apache Http Server 2.4.18Apache Http Server 2.4.6Apache Http Server 2.4.4Apache Http Server 2.2.10Apache Http Server 2.2.11Apache Http Server 2.2.18Apache Http Server 2.2.19Apache Http Server 2.2.26Apache Http Server 2.2.27Apache Http Server 2.4.12Apache Http Server 2.4.10Apache Http Server 2.4.1Apache Http Server 2.2.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.16Apache Http Server 2.2.17Apache Http Server 2.2.24Apache Http Server 2.2.25Apache Http Server 2.4.17Apache Http Server 2.4.16Apache Http Server 2.4.3Apache Http Server 2.4.2Apache Http Server 2.2.0Apache Http Server 2.2.2Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.20Apache Http Server 2.2.21Apache Http Server 2.2.29Apache Http Server 2.2.31Apache Http Server 2.4.9Apache Http Server 2.4.7
NA
CVE-2015-3185
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended...
Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 15.04Canonical Ubuntu Linux 14.04Apache Http Server 2.4.12Apache Http Server 2.4.13Apache Http Server 2.4.9Apache Http Server 2.4.2Apache Http Server 2.4.3Apache Http Server 2.4.0Apache Http Server 2.4.4Apache Http Server 2.4.6Apache Http Server 2.4.1Apache Http Server 2.4.10Apache Http Server 2.4.7Apache Http Server 2.4.8Apple Mac Os X Server 5.0.3Apple Xcode 7.0Apple Mac Os X 10.10.4
NA
CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass...
Apache Http Server 2.4.1Apache Http Server 2.4.6Apache Http Server 2.4.3Apache Http Server 2.4.4Apache Http Server 2.4.10Apache Http Server 2.4.7Apache Http Server 2.4.2Apache Http Server 2.4.9Canonical Ubuntu Linux 14.10Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 10.04Canonical Ubuntu Linux 12.04Fedoraproject Fedora 21Oracle Enterprise Manager Ops Center 12.2.1Oracle Enterprise Manager Ops Center 12.3.0Oracle Enterprise Manager Ops Center 12.2.0Oracle Enterprise Manager Ops Center
7.5
CVSSv3
CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not...
Apache Http Server 2.4.29Apache Http Server 2.4.28Apache Http Server 2.4.27Apache Http Server 2.4.3Apache Http Server 2.4.2Apache Http Server 2.4.1Apache Http Server 2.4.26Apache Http Server 2.4.23Apache Http Server 2.4.9Apache Http Server 2.4.6Apache Http Server 2.4.18Apache Http Server 2.4.17Apache Http Server 2.4.16Apache Http Server 2.4.12Apache Http Server 2.4.25Apache Http Server 2.4.20Apache Http Server 2.4.10Apache Http Server 2.4.7Apache Http Server 2.4.4Debian Debian Linux 8.0Debian Debian Linux 7.0Debian Debian Linux 9.0Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 17.10Netapp Storage Automation Store -Netapp Storagegrid -Netapp Clustered Data Ontap -Netapp Santricity Cloud Connector -Redhat Enterprise Linux 7.4Redhat Enterprise Linux 7.6Redhat Enterprise Linux 6.0Redhat Enterprise Linux 7.0Redhat Enterprise Linux 7.5
9.8
CVSSv3
CVE-2018-1312
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests...
Apache Http Server 2.4.1Apache Http Server 2.4.20Apache Http Server 2.4.6Apache Http Server 2.4.12Apache Http Server 2.4.3Apache Http Server 2.4.23Apache Http Server 2.4.4Apache Http Server 2.4.10Apache Http Server 2.4.7Apache Http Server 2.4.2Apache Http Server 2.4.9Apache Http Server 2.4.16Apache Http Server 2.4.17Apache Http Server 2.4.18Apache Http Server 2.4.25Apache Http Server 2.4.26Apache Http Server 2.4.27Apache Http Server 2.4.28Apache Http Server 2.4.29Canonical Ubuntu Linux 17.10Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 12.04Debian Debian Linux 8.0Debian Debian Linux 7.0Debian Debian Linux 9.0Netapp Cloud Backup -Netapp Storagegrid -Netapp Clustered Data Ontap -Redhat Jboss Core Services 1.0Redhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server 7.0Redhat Enterprise Linux Server Tus 7.6Redhat Enterprise Linux Server Aus 7.6Redhat Enterprise Linux Eus 7.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
seacmsCVE-2023-28393remote code executionauthentication bypassopen redirectacymailingCVE-2023-43339CVE-2023-3664openstackpopup builderCVE-2023-21987CVE-2023-21991CVE-2023-3550
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook