Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache http server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and previous versions.
Apache Http Server
385
VMScore
CVE-2020-11985
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but...
Apache Http Server
445
VMScore
CVE-2004-0786
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and previous versions allow remote malicious users to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
Apache Http Server
409
VMScore
CVE-2004-0747
Buffer overflow in Apache 2.0.50 and previous versions allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
Apache Http Server
445
VMScore
CVE-2004-0748
mod_ssl in Apache 2.0.50 and previous versions allows remote malicious users to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
Apache Http Server
505
VMScore
CVE-2004-0751
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote malicious users to cause a denial of service (segmentation fault).
Apache Http Server
1 EDB exploit
505
VMScore
CVE-2004-0942
Apache webserver 2.0.52 and previous versions allows remote malicious users to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
Apache Http Server
1 EDB exploit
670
VMScore
CVE-2013-2249
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server prior to 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
Apache Http Server
890
VMScore
CVE-1999-1293
mod_proxy in Apache 1.2.5 and previous versions allows remote malicious users to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
Apache Http Server
187
VMScore
CVE-2001-1534
mod_usertrack in Apache 1.3.11 up to and including 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID...
Apache Http Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »