Vulmon
apache http server - vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-25690
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 up to and including 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches...
Apache Http Server
8 Github repositories
NA
CVE-2007-6388
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 up to and including 2.2.6, 2.0.35 up to and including 2.0.61, and 1.3.2 up to and including 1.3.39, when the server-status page is enabled, allows remote malicious users to inject arbitrary web...
Apache Http Server
5.3
CVSSv3
CVE-2020-11985
IP address spoofing when proxying using mod_remoteip and mod_rewrite. For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but...
Apache Http Server
NA
CVE-2004-0942
Apache webserver 2.0.52 and previous versions allows remote malicious users to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
Apache Http Server
1 EDB exploit
NA
CVE-2013-2249
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server prior to 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
Apache Http Server
NA
CVE-2003-0987
mod_digest for Apache prior to 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
Apache Http Server
NA
CVE-2007-4465
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server prior to 2.2.6, when the charset on a server-generated page is not defined, allows remote malicious users to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE...
Apache Http Server
NA
CVE-2003-0083
Apache 1.3 prior to 1.3.25 and Apache 2.0 before version 2.0.46 do not filter terminal escape sequences from their access logs, which could make it easier for malicious users to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences,...
Apache Http Server
NA
CVE-2003-0132
A memory leak in Apache 2.0 up to and including 2.0.44 allows remote malicious users to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
Apache Http Server
2 EDB exploits
1 Github repository
6.1
CVSSv3
CVE-2019-10098
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
Apache Http Server
1 EDB exploit