Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2011-0419
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library prior to 1.4.3 and the Apache HTTP Server prior to 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris...
Apache Portable Runtime
Apache Http Server
Netbsd Netbsd 5.1
Google Android
Freebsd Freebsd
Openbsd Openbsd 4.8
Apple Mac Os X 10.6.0
Oracle Solaris 10
Debian Debian Linux 5.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Suse Linux Enterprise Server 10
1 EDB exploit
2 Github repositories
4.4
CVSSv2
CVE-2011-3607
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x up to and including 2.0.64 and 2.2.x up to and including 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvI...
Apache Http Server 2.0.42
Apache Http Server 2.0.64
Apache Http Server 2.0.58
Apache Http Server 2.0.47
Apache Http Server 2.0.56
Apache Http Server 2.0.50
Apache Http Server 2.0.35
Apache Http Server 2.0.37
Apache Http Server 2.0.55
Apache Http Server 2.0.44
Apache Http Server 2.0.39
Apache Http Server 2.0.52
Apache Http Server 2.0.53
Apache Http Server 2.0.57
Apache Http Server 2.0.51
Apache Http Server 2.0.28
Apache Http Server 2.0.63
Apache Http Server 2.0.41
Apache Http Server 2.0.49
Apache Http Server 2.0.9
Apache Http Server 2.0.34
Apache Http Server 2.0.61
1 EDB exploit
NA
CVE-2023-27522
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 up to and including 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
Apache Http Server
Debian Debian Linux 10.0
Unbit Uwsgi
5
CVSSv2
CVE-2006-0042
Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) prior to 2.07 allows remote malicious users to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computation...
Apache Libapreq2
Debian Debian Linux 3.0
Debian Debian Linux 3.1
5
CVSSv2
CVE-2016-0736
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnera...
Apache Http Server 2.4.1
Apache Http Server 2.4.20
Apache Http Server 2.4.6
Apache Http Server 2.4.0
Apache Http Server 2.4.12
Apache Http Server 2.4.3
Apache Http Server 2.4.23
Apache Http Server 2.4.8
Apache Http Server 2.4.10
Apache Http Server 2.4.7
Apache Http Server 2.4.14
Apache Http Server 2.4.22
Apache Http Server 2.4.2
Apache Http Server 2.4.19
Apache Http Server 2.4.16
Apache Http Server 2.4.9
Apache Http Server 2.4.21
1 EDB exploit
7.5
CVSSv2
CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
Apache Http Server
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Zfs Storage Appliance Kit 8.8
Oracle Secure Backup
Netapp Cloud Backup -
1 Github repository
7.2
CVSSv2
CVE-2013-1090
The SUSE horde5 package prior to 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors.
Opensuse Opensuse 12.3
7.5
CVSSv2
CVE-2005-2491
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) prior to 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows malicious users to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-base...
Pcre Pcre 5.0
Pcre Pcre 6.0
Pcre Pcre 6.1
8.5
CVSSv2
CVE-2020-11749
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.
Pandorafms Pandora Fms
6.8
CVSSv2
CVE-2020-35452
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation ...
Apache Http Server
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Zfs Storage Appliance Kit 8.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »