Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache http server - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-43622
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack patte...
Apache Http Server
4 Github repositories
NA
CVE-2022-36760
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an malicious user to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server ...
Apache Http Server
4.3
CVSSv2
CVE-2020-11985
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but...
Apache Http Server
7.5
CVSSv2
CVE-2013-2249
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server prior to 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
Apache Http Server
4.6
CVSSv2
CVE-2004-0747
Buffer overflow in Apache 2.0.50 and previous versions allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
Apache Http Server
5
CVSSv2
CVE-2004-0786
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and previous versions allow remote malicious users to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
Apache Http Server
7.8
CVSSv2
CVE-2007-0086
The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote malicious users to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this i...
Apache Http Server -
2 Github repositories
1 Article
5
CVSSv2
CVE-2010-1452
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x prior to 2.2.16 allow remote malicious users to cause a denial of service (process crash) via a request that lacks a path.
Apache Http Server
7.5
CVSSv2
CVE-2003-0987
mod_digest for Apache prior to 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
Apache Http Server
4.3
CVSSv2
CVE-2007-4465
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server prior to 2.2.6, when the charset on a server-generated page is not defined, allows remote malicious users to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE...
Apache Http Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »