Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache http server vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2001-1556
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote malicious users to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, t...
Apache Http Server
449
VMScore
CVE-2010-1452
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x prior to 2.2.16 allow remote malicious users to cause a denial of service (process crash) via a request that lacks a path.
Apache Http Server
755
VMScore
CVE-2002-0061
Apache for Win32 prior to 1.3.24, and 2.0.x prior to 2.0.34-beta, allows remote malicious users to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, t...
Apache Http Server
1 EDB exploit
445
VMScore
CVE-2003-0460
The rotatelogs program on Apache prior to 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote malicious users to cause a denial of service.
Apache Http Server
445
VMScore
CVE-2004-0174
Apache 1.4.x prior to 1.3.30, and 2.0.x prior to 2.0.49, when using multiple listening sockets on certain platforms, allows remote malicious users to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."...
Apache Http Server
NA
CVE-2023-43622
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack patte...
Apache Http Server
4 Github repositories
890
VMScore
CVE-1999-1199
Apache WWW server 1.3.1 and previous versions allows remote malicious users to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
Apache Http Server
890
VMScore
CVE-1999-1237
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote malicious users to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
Apache Http Server -
585
VMScore
CVE-2019-10098
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
Apache Http Server
1 EDB exploit
384
VMScore
CVE-2007-6388
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 up to and including 2.2.6, 2.0.35 up to and including 2.0.61, and 1.3.2 up to and including 1.3.39, when the server-status page is enabled, allows remote malicious users to inject arbitrary web...
Apache Http Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »