Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache2 vulnerabilities and exploits
(subscribe to this query)
585
VMScore
CVE-2019-10098
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
Apache Http Server
1 EDB exploit
505
VMScore
CVE-2009-1955
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util prior to 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote malicious users to cause a denial of service (memory consumption) via a crafted XML document...
Apache Apr-util
Apple Mac Os X
Suse Linux Enterprise Server 9
Debian Debian Linux 4.0
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Fedoraproject Fedora 11
Fedoraproject Fedora 10
Fedoraproject Fedora 9
Oracle Http Server -
Apache Http Server
1 EDB exploit
449
VMScore
CVE-2016-8743
Apache HTTP Server, in all releases before 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interac...
Apache Http Server
Netapp Clustered Data Ontap -
Netapp Oncommand Unified Manager -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.3
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Eus 7.3
Redhat Enterprise Linux Eus 7.4
Redhat Enterprise Linux Eus 7.5
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Eus 7.6
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
446
VMScore
CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.
Apache Http Server 2.4.20
Apache Http Server 2.4.23
Apache Http Server 2.4.25
Apache Http Server 2.4.26
Apache Http Server 2.4.18
Apache Http Server 2.4.17
Apache Http Server 2.4.27
Apache Http Server 2.4.29
Apache Http Server 2.4.28
Apache Http Server 2.4.33
Apache Http Server 2.4.37
Apache Http Server 2.4.30
Apache Http Server 2.4.34
Apache Http Server 2.4.35
Netapp Santricity Cloud Connector -
Netapp Storage Automation Store -
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Debian Debian Linux 9.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Retail Xstore Point Of Service 7.0
Oracle Hospitality Guest Access 4.2.0
2 Github repositories
383
VMScore
CVE-2009-0023
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util prior to 1.3.5 allows remote malicious users to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI dire...
Apache Apr-util 1.3.3
Apache Apr-util 1.2.7
Apache Apr-util 1.2.8
Apache Apr-util 1.2.2
Apache Apr-util 1.3.0
Apache Apr-util 0.9.4
Apache Apr-util 1.0.2
Apache Apr-util 1.0
Apache Apr-util 1.2.1
Apache Apr-util 0.9.3
Apache Apr-util 1.1.0
Apache Apr-util 0.9.1
Apache Apr-util
Apache Apr-util 1.3.1
Apache Apr-util 0.9.2
Apache Apr-util 1.3.2
Apache Apr-util 1.1.1
Apache Apr-util 1.1.2
Apache Apr-util 1.2.6
Apache Apr-util 1.0.1
Apache Apr-util 0.9.5
Apache Http Server
NA
CVE-2023-38709
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: up to and including 2.4.58.
445
VMScore
CVE-2013-5705
apache2/modsecurity.c in ModSecurity prior to 2.7.6 allows remote malicious users to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
Trustwave Modsecurity
Debian Debian Linux 7.0
Debian Debian Linux 8.0
383
VMScore
CVE-2005-3352
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd prior to 1.3.35-dev and Apache httpd 2.0.x prior to 2.0.56-dev allows remote malicious users to inject arbitrary web script or HTML via the Referer when using image maps.
Apache Http Server 2.2
Apache Http Server
890
VMScore
CVE-2009-2412
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger...
Apache Apr-util 1.3.6-dev
Apache Portable Runtime 1.3.6-dev
Apache Portable Runtime 1.3.7
Apache Apr-util 1.3.6
Apache Apr-util 0.9.2-dev
Apache Apr-util 1.3.3
Apache Apr-util 0.9.9
Apache Portable Runtime 0.9.7-dev
Apache Portable Runtime 1.3.3
Apache Portable Runtime 0.9.6
Apache Portable Runtime 0.9.16-dev
Apache Portable Runtime 0.9.8
Apache Portable Runtime 1.3.1
Apache Portable Runtime 1.3.2
Apache Portable Runtime 1.3.4
Apache Apr-util 1.3.0
Apache Apr-util 1.3.4
Apache Apr-util 0.9.4
Apache Portable Runtime 0.9.4
Apache Apr-util 0.9.3
Apache Portable Runtime 0.9.3
Apache Apr-util 0.9.7-dev
449
VMScore
CVE-2019-0196
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
Apache Http Server
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »