Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache http server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2004-0751
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote malicious users to cause a denial of service (segmentation fault).
Apache Http Server
1 EDB exploit
NA
CVE-2003-0083
Apache 1.3 prior to 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for malicious users to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences,...
Apache Http Server
NA
CVE-2003-0132
A memory leak in Apache 2.0 up to and including 2.0.44 allows remote malicious users to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
Apache Http Server
2 EDB exploits
1 Github repository
NA
CVE-2002-0061
Apache for Win32 prior to 1.3.24, and 2.0.x prior to 2.0.34-beta, allows remote malicious users to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, t...
Apache Http Server
1 EDB exploit
9.8
CVSSv3
CVE-2023-25690
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 up to and including 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches...
Apache Http Server
8 Github repositories
9
CVSSv3
CVE-2022-36760
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an malicious user to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server ...
Apache Http Server
5.3
CVSSv3
CVE-2022-37436
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
Apache Http Server
7.5
CVSSv3
CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and previous versions.
Apache Http Server
NA
CVE-2004-2343
Apache HTTP Server 2.0.47 and previous versions allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism...
Apache Http Server
NA
CVE-1999-1293
mod_proxy in Apache 1.2.5 and previous versions allows remote malicious users to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
Apache Http Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »