Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

apache http server 2.2.7 vulnerabilities and exploits

(subscribe to this query)
4.9
CVSSv2

CVE-2009-1195

The Apache HTTP Server 2.2.11 and previous versions 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC ...
Apache Http Server 2.2.0Apache Http Server 2.2.1Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.7Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.10
10
CVSSv2

CVE-2010-0425

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 up to and including 2.0.63, 2.2.0 up to and including 2.2.14, and 2.3.x prior to 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISA...
Apache Http Server 2.3.0Apache Http Server 2.3.1Apache Http Server 2.3.2Apache Http Server 2.3.3Apache Http Server 2.3.4Apache Http Server 2.3.5Apache Http Server 2.3.6Apache Http Server 2.0.9Apache Http Server 2.0.28Apache Http Server 2.0.32Apache Http Server 2.0.34Apache Http Server 2.0.35
7.8
CVSSv2

CVE-2007-6423

Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x prior to 2.2.7-dev, when running on Windows, allows remote malicious users to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue
Apache Http Server -Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.6
4.3
CVSSv2

CVE-2008-0005

mod_proxy_ftp in Apache 2.2.x prior to 2.2.7-dev, 2.0.x prior to 2.0.62-dev, and 1.3.x prior to 1.3.40-dev does not define a charset, which allows remote malicious users to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
Apache Http ServerFedoraproject Fedora 7Fedoraproject Fedora 8Canonical Ubuntu Linux 6.06Canonical Ubuntu Linux 6.10Canonical Ubuntu Linux 7.04Canonical Ubuntu Linux 7.10
7.5
CVSSv3

CVE-2018-20843

In libexpat in Expat prior to 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
Libexpat Project LibexpatCanonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 18.10Canonical Ubuntu Linux 19.04Debian Debian Linux 8.0Debian Debian Linux 9.0Fedoraproject Fedora 29Fedoraproject Fedora 30Opensuse Leap 15.0
7.4
CVSSv3

CVE-2023-0286

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This ...
Openssl OpensslStormshield Stormshield Management CenterStormshield Stormshield Network Security
7.5
CVSSv3

CVE-2022-4450

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments a...
Openssl OpensslStormshield Stormshield Network Security
5.9
CVSSv3

CVE-2022-4304

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of ...
Openssl OpensslStormshield Endpoint SecurityStormshield SslvpnStormshield Stormshield Network Security
7.5
CVSSv3

CVE-2023-0215

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receive...
Openssl OpensslStormshield Stormshield Management Center
5.9
CVSSv3

CVE-2023-28321

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather t...
* Https //github.com/curl/curlHaxx CurlDebian Debian Linux 10.0Fedoraproject Fedora 37Fedoraproject Fedora 38Netapp Clustered Data Ontap -Netapp Ontap Antivirus Connector -Netapp H300s Firmware -Netapp H500s Firmware -Netapp H700s Firmware -Netapp H410s Firmware -Apple Macos
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
physicalpicture galleryCVE-2025-30352administrator privilegesgdpr toolsCVE-2025-26007CVE-2025-24514CVE-2025-26581CVE-2025-1098wp multistore locatorCVE-2025-26986nous ouvert utile et simplecommand injection
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook