Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache http server vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-45648
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 up to and including 11.0.0-M11, from 10.1.0-M1 up to and including 10.1.13, from 9.0.0-M1 up to and including 9.0.81 and from 8.5.0 up to and including 8.5.93 did not correctly parse HTTP trailer heade...
Apache Tomcat 9.0.0
Apache Tomcat 10.1.0
Apache Tomcat 11.0.0
Apache Tomcat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
5.3
CVSSv3
CVE-2023-42795
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 up to and including 11.0.0-M11, from 10.1.0-M1 up to and including 10.1.13, from 9.0.0-M1 up to and including 9.0.80 and from 8.5.0 up to and including 8.5.93...
Apache Tomcat 9.0.0
Apache Tomcat 10.1.0
Apache Tomcat 11.0.0
Apache Tomcat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles
7.5
CVSSv3
CVE-2023-42457
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the ...
Plone Rest 3.0.0
Plone Rest 2.0.0
7.5
CVSSv3
CVE-2023-38039
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless...
Haxx Curl
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Microsoft Windows 10 22h2
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 11 23h2
Microsoft Windows 10 1809
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Microsoft Windows 10 21h2
7.5
CVSSv3
CVE-2023-41081
Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied r...
Apache Tomcat Connectors
7.5
CVSSv3
CVE-2014-5329
GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192...
Tripodworks Gigapod Officehard Firmware
Tripodworks Gigapod 2010 Firmware
Tripodworks Gigapod 3 Firmware
2 EDB exploits
1 Github repository
6.5
CVSSv3
CVE-2023-39615
Xmlsoft Libxml2 v2.11.0 exists to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the p...
Xmlsoft Libxml2 2.11.0
6.1
CVSSv3
CVE-2023-41080
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 up to and including 11.0.0-M10, from 10.1.0-M1 up to and including 10.0.12, from 9.0.0-M1 up to and including ...
Apache Tomcat 11.0.0
Apache Tomcat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.3
CVSSv3
CVE-2023-3817
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that...
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.2e
Openssl Openssl 1.0.2j
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.2g
Openssl Openssl 1.0.2h
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.2
Openssl Openssl 1.0.2f
Openssl Openssl 1.0.2i
Openssl Openssl 1.0.2d
Openssl Openssl 1.0.2k
Openssl Openssl 1.0.2l
Openssl Openssl 1.0.2m
Openssl Openssl 1.0.2zb
Openssl Openssl 1.0.2n
Openssl Openssl 1.0.2o
Openssl Openssl 1.0.2p
Openssl Openssl 1.0.2q
Openssl Openssl 1.0.2r
Openssl Openssl 1.0.2s
Openssl Openssl 1.0.2t
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »