Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian apache2 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-0196
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
Apache Http Server
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
5
CVSSv2
CVE-2019-0220
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects...
Apache Http Server
Opensuse Leap 42.3
Opensuse Leap 15.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
1 Github repository
7.2
CVSSv2
CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent ...
Apache Http Server
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Opensuse Leap 42.3
Opensuse Leap 15.0
1 EDB exploit
7 Github repositories
1 Article
6
CVSSv2
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
Apache Http Server
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux -
Opensuse Leap 42.3
Opensuse Leap 15.0
Netapp Clustered Data Ontap -
Netapp Oncommand Unified Manager -
Oracle Retail Xstore Point Of Service 7.1
Oracle Retail Xstore Point Of Service 7.0
Oracle Http Server 12.2.1.3.0
1 Github repository
5
CVSSv2
CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.
Apache Http Server 2.4.20
Apache Http Server 2.4.23
Apache Http Server 2.4.25
Apache Http Server 2.4.26
Apache Http Server 2.4.18
Apache Http Server 2.4.17
Apache Http Server 2.4.27
Apache Http Server 2.4.29
Apache Http Server 2.4.28
Apache Http Server 2.4.33
Apache Http Server 2.4.37
Apache Http Server 2.4.30
Apache Http Server 2.4.34
Apache Http Server 2.4.35
Netapp Santricity Cloud Connector -
Netapp Storage Automation Store -
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Debian Debian Linux 9.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Retail Xstore Point Of Service 7.0
Oracle Hospitality Guest Access 4.2.0
2 Github repositories
5
CVSSv2
CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
Apache Http Server
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Santricity Cloud Connector -
Netapp Storage Automation Store -
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Oracle Enterprise Manager Ops Center 12.3.3
4.3
CVSSv2
CVE-2018-17082
The Apache2 component in PHP prior to 5.6.38, 7.0.x prior to 7.0.32, 7.1.x prior to 7.1.22, and 7.2.x prior to 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2h...
Php Php
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Netapp Storage Automation Store -
2 Github repositories
1.9
CVSSv2
CVE-2017-2624
It was found that xorg-x11-server prior to 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is...
X.org Xorg-server
Debian Debian Linux 7.0
1 Github repository
5
CVSSv2
CVE-2016-8743
Apache HTTP Server, in all releases before 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interac...
Apache Http Server
Netapp Clustered Data Ontap -
Netapp Oncommand Unified Manager -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.3
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Eus 7.3
Redhat Enterprise Linux Eus 7.4
Redhat Enterprise Linux Eus 7.5
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Eus 7.6
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
6.4
CVSSv2
CVE-2017-9788
In Apache httpd prior to 2.2.34 and 2.4.x prior to 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '...
Apache Http Server
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Apple Mac Os X
Netapp Storage Automation Store -
Netapp Oncommand Unified Manager -
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.3
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Eus 7.3
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server Tus 7.4
Redhat Enterprise Linux Server Eus 7.5
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »