Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache apr vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2011-0419
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library prior to 1.4.3 and the Apache HTTP Server prior to 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris...
Apache Portable Runtime
Apache Http Server
Netbsd Netbsd 5.1
Google Android
Freebsd Freebsd
Openbsd Openbsd 4.8
Apple Mac Os X 10.6.0
Oracle Solaris 10
Debian Debian Linux 5.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Suse Linux Enterprise Server 10
1 EDB exploit
2 Github repositories
3.6
CVSSv2
CVE-2021-35940
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to t...
Apache Portable Runtime 1.7.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
4.3
CVSSv2
CVE-2007-6286
Apache Tomcat 5.5.11 up to and including 5.5.25 and 6.0.0 up to and including 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote malicious users to trigger handling of "a duplicate copy of one of the ...
Apache Tomcat 5.5.18
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 6.0.4
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 6.0.15
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 6.0.10
Apache Tomcat 6.0.3
Apache Tomcat 6.0.9
Apache Tomcat 5.5.25
Apache Tomcat 6.0.0
Apache Tomcat 6.0.14
Apache Tomcat 5.5.13
Apache Tomcat 6.0.1
Apache Tomcat 6.0.12
4.4
CVSSv2
CVE-2011-2526
Apache Tomcat 5.5.x prior to 5.5.34, 6.x prior to 6.0.33, and 7.x prior to 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.30
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.32
Apache Tomcat 5.5.31
Apache Tomcat 5.5.9
NA
CVE-2022-24963
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an malicious user to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.
Apache Portable Runtime 1.7.0
5
CVSSv2
CVE-2009-2699
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library prior to 1.3.9, as used in the Apache HTTP Server prior to 2.2.14 and other products, does not properly handle errors, which allows remote malicious users to cau...
Apache Http Server
Apache Portable Runtime
4.9
CVSSv2
CVE-2009-1195
The Apache HTTP Server 2.2.11 and previous versions 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC ...
Apache Http Server 2.2.0
Apache Http Server 2.2.10
Apache Http Server 2.2.2
Apache Http Server 2.2.4
Apache Http Server 2.2.8
Apache Http Server 2.2.7
Apache Http Server 2.2.9
Apache Http Server 2.2.3
Apache Http Server 2.2.1
10
CVSSv2
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x prior to 2.3.32 and 2.5.x prior to 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote malicious users to execute arbitrary commands via a crafted Content-Typ...
Apache Struts 2.3.5
Apache Struts 2.3.28
Apache Struts 2.3.20.2
Apache Struts 2.3.15
Apache Struts 2.3.25
Apache Struts 2.3.14
Apache Struts 2.3.13
Apache Struts 2.3.16
Apache Struts 2.3.24.2
Apache Struts 2.3.17
Apache Struts 2.3.24.1
Apache Struts 2.3.22
Apache Struts 2.3.9
Apache Struts 2.3.16.3
Apache Struts 2.3.23
Apache Struts 2.3.6
Apache Struts 2.3.24.3
Apache Struts 2.3.15.2
Apache Struts 2.3.29
Apache Struts 2.3.14.3
Apache Struts 2.3.19
Apache Struts 2.3.20.1
2 EDB exploits
2 Nmap scripts
143 Github repositories
15 Articles
5
CVSSv2
CVE-2004-0786
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and previous versions allow remote malicious users to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
Apache Http Server
5
CVSSv2
CVE-2010-1452
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x prior to 2.2.16 allow remote malicious users to cause a denial of service (process crash) via a request that lacks a path.
Apache Http Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »