Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache http server vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2002-1850
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote malicious users to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI...
Apache Http Server 2.0.39
Apache Http Server 2.0.40
1 EDB exploit
4.3
CVSSv2
CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x up to and including 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote malicious user...
Apache Http Server 2.4.1
Apache Http Server 2.4.6
Apache Http Server 2.4.3
Apache Http Server 2.4.4
Apache Http Server 2.4.10
Apache Http Server 2.4.7
Apache Http Server 2.4.2
Apache Http Server 2.4.9
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Fedoraproject Fedora 21
Oracle Enterprise Manager Ops Center 12.2.1
Oracle Enterprise Manager Ops Center 12.3.0
Oracle Enterprise Manager Ops Center 12.2.0
Oracle Enterprise Manager Ops Center
5
CVSSv2
CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.
Apache Http Server 2.4.20
Apache Http Server 2.4.23
Apache Http Server 2.4.25
Apache Http Server 2.4.26
Apache Http Server 2.4.18
Apache Http Server 2.4.17
Apache Http Server 2.4.27
Apache Http Server 2.4.29
Apache Http Server 2.4.28
Apache Http Server 2.4.33
Apache Http Server 2.4.37
Apache Http Server 2.4.30
Apache Http Server 2.4.34
Apache Http Server 2.4.35
Netapp Santricity Cloud Connector -
Netapp Storage Automation Store -
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Debian Debian Linux 9.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Retail Xstore Point Of Service 7.0
Oracle Hospitality Guest Access 4.2.0
2 Github repositories
3.3
CVSSv2
CVE-2001-0131
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
Apache Http Server 1.3.14
Apache Http Server 2.0
Debian Debian Linux 2.2
6.8
CVSSv2
CVE-2010-1151
Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote malicious users to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
Apache Apache Http Server
6.9
CVSSv2
CVE-2012-0883
envvars (aka envvars-std) in the Apache HTTP Server prior to 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
Apache Http Server 2.4.1
Apache Http Server
Opensuse Opensuse 11.4
Opensuse Opensuse 12.1
6
CVSSv2
CVE-2019-0215
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
Apache Http Server 2.4.37
Apache Http Server 2.4.38
Fedoraproject Fedora 29
Fedoraproject Fedora 30
5
CVSSv2
CVE-2007-0450
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x prior to 5.5.22 and 6.x prior to 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote malicious users to read arbitrary files via a .. (dot dot) sequence with combinations o...
Apache Tomcat
Apache Http Server -
1 EDB exploit
1 Github repository
6.4
CVSSv2
CVE-2004-0493
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote malicious users to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large number...
Trustix Secure Linux 2.0
Avaya Converged Communications Server 2.0
Trustix Secure Linux 1.5
Gentoo Linux 1.4
Trustix Secure Linux 2.1
Apache Http Server 2.0.47
Ibm Http Server 2.0.42.1
Avaya S8300 R2.0.0
Apache Http Server 2.0.49
Ibm Http Server 2.0.42
Ibm Http Server 2.0.47.1
Apache Http Server 2.0.48
Ibm Http Server 2.0.42.2
Avaya S8700 R2.0.0
Avaya S8500 R2.0.0
Ibm Http Server 2.0.47
2 EDB exploits
5
CVSSv2
CVE-2009-2699
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library prior to 1.3.9, as used in the Apache HTTP Server prior to 2.2.14 and other products, does not properly handle errors, which allows remote malicious users to cau...
Apache Http Server
Apache Portable Runtime
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »