Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache http server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2002-0661
Directory traversal vulnerability in Apache 2.0 up to and including 2.0.39 on Windows, OS2, and Netware allows remote malicious users to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
Apache Http Server 2.0.28
Apache Http Server 2.0.35
Apache Http Server 2.0.37
Apache Http Server 2.0.32
Apache Http Server 2.0.34
Apache Http Server 2.0.39
Apache Http Server 2.0.38
Apache Http Server 2.0.36
Apache Http Server 2.0
1 EDB exploit
5
CVSSv2
CVE-2003-0245
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 up to and including 2.0.45 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML ...
Apache Http Server 2.0.42
Apache Http Server 2.0.37
Apache Http Server 2.0.44
Apache Http Server 2.0.39
Apache Http Server 2.0.41
Apache Http Server 2.0.38
Apache Http Server 2.0.45
Apache Http Server 2.0.40
Apache Http Server 2.0.43
1 EDB exploit
4.9
CVSSv2
CVE-2009-1195
The Apache HTTP Server 2.2.11 and previous versions 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC ...
Apache Http Server 2.2.0
Apache Http Server 2.2.10
Apache Http Server 2.2.2
Apache Http Server 2.2.4
Apache Http Server 2.2.8
Apache Http Server 2.2.7
Apache Http Server 2.2.9
Apache Http Server 2.2.3
Apache Http Server 2.2.1
7.5
CVSSv2
CVE-2003-0016
Apache prior to 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote malicious users to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
Apache Http Server 2.0.42
Apache Http Server 2.0.37
Apache Http Server 2.0.39
Apache Http Server 2.0.41
Apache Http Server 2.0.38
Apache Http Server 2.0.40
Apache Http Server 2.0.36
Apache Http Server 2.0.43
5
CVSSv2
CVE-2003-0017
Apache 2.0 prior to 2.0.44 on Windows platforms allows remote malicious users to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
Apache Http Server 2.0.42
Apache Http Server 2.0.37
Apache Http Server 2.0.39
Apache Http Server 2.0.41
Apache Http Server 2.0.38
Apache Http Server 2.0.40
Apache Http Server 2.0.36
Apache Http Server 2.0.43
7.8
CVSSv2
CVE-2002-2272
Tomcat 4.0 up to and including 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 up to and including 1.3.27, allows remote malicious users to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values...
Apache Http Server 1.3.11
Apache Http Server 1.3.12
Apache Http Server 1.3.13
Apache Http Server 1.3.14
Apache Http Server 1.3.20
Apache Http Server 1.3.22
Apache Tomcat 4.0.2
Apache Tomcat 4.0.3
Apache Tomcat 4.1.12
Apache Tomcat 4.1.2
Apache Http Server 1.3
Apache Http Server 1.3.0
Apache Http Server 1.3.15
Apache Http Server 1.3.16
Apache Http Server 1.3.23
Apache Http Server 1.3.24
Apache Tomcat 4.0.4
Apache Tomcat 4.0.5
Apache Tomcat 4.1.3
Apache Http Server 1.3.19
Apache Http Server 1.3.2
Apache Tomcat 4.0.0
1 EDB exploit
3.5
CVSSv2
CVE-2007-6421
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 up to and including 2.2.6 allows remote malicious users to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
Apache Http Server 2.2
Apache Http Server 2.2.2
Apache Http Server 2.2.4
Apache Http Server 2.2.6
Apache Http Server 2.2.3
Apache Http Server 2.2.1
Apache Http Server -
4
CVSSv2
CVE-2007-6422
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 up to and including 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
Apache Http Server 2.2
Apache Http Server 2.2.2
Apache Http Server 2.2.4
Apache Http Server 2.2.6
Apache Http Server 2.2.3
Apache Http Server 2.2.1
Apache Http Server -
5
CVSSv2
CVE-2001-1342
Apache prior to 1.3.20 on Windows and OS/2 systems allows remote malicious users to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
Apache Http Server 1.3.16
Apache Http Server 1.3.15
Apache Http Server 1.3.14
Apache Http Server 1.3.18
Apache Http Server 1.3.17
Apache Http Server 1.3.12
Apache Http Server 1.3.19
4.3
CVSSv2
CVE-2007-6420
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote malicious users to gain privileges via unspecified vectors.
Apache Http Server 2.2.0
Apache Http Server 2.2.2
Apache Http Server 2.2.4
Apache Http Server 2.2.6
Apache Http Server 2.2.3
Apache Http Server -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »