Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache apache http server 2.4.0 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2012-3502
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x prior to 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remo...
Apache Http Server 2.4.1
Apache Http Server 2.4.0
Apache Http Server 2.4.2
446
VMScore
CVE-2016-2161
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
Apache Http Server 2.4.1
Apache Http Server 2.4.20
Apache Http Server 2.4.6
Apache Http Server 2.4.0
Apache Http Server 2.4.12
Apache Http Server 2.4.3
Apache Http Server 2.4.23
Apache Http Server 2.4.8
Apache Http Server 2.4.10
Apache Http Server 2.4.7
Apache Http Server 2.4.14
Apache Http Server 2.4.22
Apache Http Server 2.4.2
Apache Http Server 2.4.19
Apache Http Server 2.4.16
Apache Http Server 2.4.9
Apache Http Server 2.4.21
505
VMScore
CVE-2016-0736
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnera...
Apache Http Server 2.4.1
Apache Http Server 2.4.20
Apache Http Server 2.4.6
Apache Http Server 2.4.0
Apache Http Server 2.4.12
Apache Http Server 2.4.3
Apache Http Server 2.4.23
Apache Http Server 2.4.8
Apache Http Server 2.4.10
Apache Http Server 2.4.7
Apache Http Server 2.4.14
Apache Http Server 2.4.22
Apache Http Server 2.4.2
Apache Http Server 2.4.19
Apache Http Server 2.4.16
Apache Http Server 2.4.9
Apache Http Server 2.4.21
1 EDB exploit
235
VMScore
CVE-2012-2687
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x prior to 2.4.3, when the MultiViews option is enabled, allow remote malicious users to inject arbitrary web scr...
Apache Http Server 2.2.23
Apache Http Server 2.4.1
Apache Http Server 2.2.11
Apache Http Server 2.2.0
Apache Http Server 2.2.10
Apache Http Server 2.2.13
Apache Http Server 2.2.2
Apache Http Server 2.4.0
Apache Http Server 2.2.4
Apache Http Server 2.2.17
Apache Http Server 2.2.16
Apache Http Server 2.2.21
Apache Http Server 2.2.8
Apache Http Server 2.2.14
Apache Http Server 2.2.6
Apache Http Server 2.2.22
Apache Http Server 2.2.19
Apache Http Server 2.2.9
Apache Http Server 2.2.18
Apache Http Server 2.2.12
Apache Http Server 2.2.3
Apache Http Server 2.4.2
388
VMScore
CVE-2012-4558
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x prior to 2.2.24-dev and 2.4.x prior to 2.4.4 allow remote malicious users to inje...
Apache Http Server 2.2.23
Apache Http Server 2.2
Apache Http Server 2.2.11
Apache Http Server 2.2.0
Apache Http Server 2.2.10
Apache Http Server 2.2.13
Apache Http Server 2.2.2
Apache Http Server 2.2.4
Apache Http Server 2.2.17
Apache Http Server 2.2.16
Apache Http Server 2.2.21
Apache Http Server 2.2.8
Apache Http Server 2.2.14
Apache Http Server 2.2.6
Apache Http Server 2.2.22
Apache Http Server 2.2.19
Apache Http Server 2.2.9
Apache Http Server 2.2.18
Apache Http Server 2.2.12
Apache Http Server 2.2.3
Apache Http Server 2.2.15
Apache Http Server 2.2.20
383
VMScore
CVE-2012-3499
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x prior to 2.2.24-dev and 2.4.x prior to 2.4.4 allow remote malicious users to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3)...
Apache Http Server 2.2.23
Apache Http Server 2.2
Apache Http Server 2.2.11
Apache Http Server 2.2.0
Apache Http Server 2.2.10
Apache Http Server 2.2.13
Apache Http Server 2.2.2
Apache Http Server 2.2.4
Apache Http Server 2.2.17
Apache Http Server 2.2.16
Apache Http Server 2.2.21
Apache Http Server 2.2.8
Apache Http Server 2.2.14
Apache Http Server 2.2.6
Apache Http Server 2.2.22
Apache Http Server 2.2.19
Apache Http Server 2.2.9
Apache Http Server 2.2.18
Apache Http Server 2.2.12
Apache Http Server 2.2.3
Apache Http Server 2.2.15
Apache Http Server 2.2.20
1 Github repository
535
VMScore
CVE-2019-0215
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
Apache Http Server 2.4.37
Apache Http Server 2.4.38
Fedoraproject Fedora 29
Fedoraproject Fedora 30
NA
CVE-2023-25690
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 up to and including 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches...
Apache Http Server
8 Github repositories
NA
CVE-2022-36760
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an malicious user to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server ...
Apache Http Server
NA
CVE-2022-37436
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
Apache Http Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »