Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
http file server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usu...
Apache Http Server 2.4.49
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Netapp Cloud Backup -
2 Metasploit modules
157 Github repositories
3 Articles
NA
CVE-2010-2333
LiteSpeed Technologies LiteSpeed Web Server 4.0.x prior to 4.0.15 allows remote malicious users to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
Litespeedtech Litespeed Web Server 4.0.12
Litespeedtech Litespeed Web Server 4.0.4
Litespeedtech Litespeed Web Server 4.0.3
Litespeedtech Litespeed Web Server 4.0.10
Litespeedtech Litespeed Web Server 4.0.6
Litespeedtech Litespeed Web Server 4.0.8
Litespeedtech Litespeed Web Server 4.0.7
Litespeedtech Litespeed Web Server 4.0.9
Litespeedtech Litespeed Web Server 4.0.1
Litespeedtech Litespeed Web Server 4.0.13
Litespeedtech Litespeed Web Server 4.0.11
Litespeedtech Litespeed Web Server 4.0.2
Litespeedtech Litespeed Web Server 4.0.14
Litespeedtech Litespeed Web Server 4.0.5
Litespeedtech Litespeed Web Server 4.0
1 EDB exploit
2 Nmap scripts
7.5
CVSSv3
CVE-2018-20843
In libexpat in Expat prior to 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
Libexpat Project Libexpat
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.0
Opensuse Leap 15.1
Oracle Http Server 12.1.3.0
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
Oracle Http Server 12.2.1.4.0
Oracle Hospitality Res 3700
Tenable Nessus
9.8
CVSSv3
CVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Ser...
Apache Http Server
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Tenable Tenable.sc
Netapp Cloud Backup -
Oracle Http Server 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Oracle Communications Operations Monitor 4.3
Oracle Communications Operations Monitor 4.4
Oracle Communications Operations Monitor 5.0
Oracle Communications Element Manager
Oracle Communications Session Report Manager
Oracle Communications Session Route Manager
Apple Macos
Apple Mac Os X 10.15.7
3 Github repositories
NA
CVE-2002-2295
Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) a long method name ...
Pico Server Pico Server 2.0 Beta 2
Pico Server Pico Server 2.0 Beta 5
Pico Server Pico Server 2.0 Beta 1
Pico Server Pico Server 2.0 Beta 3
1 EDB exploit
NA
CVE-2003-1386
AXIS 2400 Video Server 2.00 up to and including 2.33 allows remote malicious users to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.
Axis 2400 Video Server 2.20
Axis 2401 Video Server 2.33
Axis 2400 Video Server 2.31
Axis 2401 Video Server 2.20
Axis 2401 Video Server 2.31
Axis 2400 Video Server 2.33
Axis 2401 Video Server 2.32
Axis 2400 Video Server 2.32
Axis 2400 Video Server 2.0
1 EDB exploit
NA
CVE-2014-6199
The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote malicious users to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request.
Ibm Sterling B2b Integrator 5.2.4.2
Ibm Sterling B2b Integrator 5.2.4.1
Ibm Sterling B2b Integrator 5.2
Ibm Sterling B2b Integrator 5.2.2
Ibm Sterling B2b Integrator 5.2.1
Ibm Sterling B2b Integrator 5.2.4
Ibm Sterling B2b Integrator 5.1
Ibm Sterling B2b Integrator 5.2.5.0
Ibm Sterling File Gateway 2.1
Ibm Sterling File Gateway 2.2
NA
CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x up to and including 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote malicious users to obtain the values of HTTPOnly cookies via vectors involving a (...
Apache Http Server
Debian Debian Linux 5.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Opensuse Opensuse 11.4
Suse Linux Enterprise Software Development Kit 10
Suse Linux Enterprise Server 10
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Storage 2.0
Redhat Enterprise Linux Eus 6.2
Redhat Jboss Enterprise Web Server 1.0.0
1 EDB exploit
3 Github repositories
NA
CVE-2012-0031
scoreboard.c in the Apache HTTP Server 2.2.21 and previous versions might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading t...
Apache Http Server
Debian Debian Linux 5.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Opensuse Opensuse 11.4
Suse Linux Enterprise Software Development Kit 10
Suse Linux Enterprise Server 10
Redhat Jboss Enterprise Web Server 1.0.0
Redhat Enterprise Linux Server Aus 6.2
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Storage 2.0
Redhat Enterprise Linux Eus 6.2
1 EDB exploit
NA
CVE-2009-1890
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server prior to 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote malicious users ...
Apache Http Server
Fedoraproject Fedora 11
Debian Debian Linux 5.0
Debian Debian Linux 4.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Server Aus 5.3
Redhat Enterprise Linux Eus 5.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »