Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache http server 2.4.0 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-3502
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x prior to 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remo...
Apache Http Server 2.4.0
Apache Http Server 2.4.1
Apache Http Server 2.4.2
5
CVSSv2
CVE-2016-2161
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
Apache Http Server 2.4.0
Apache Http Server 2.4.1
Apache Http Server 2.4.2
Apache Http Server 2.4.3
Apache Http Server 2.4.6
Apache Http Server 2.4.7
Apache Http Server 2.4.8
Apache Http Server 2.4.9
Apache Http Server 2.4.10
Apache Http Server 2.4.12
Apache Http Server 2.4.14
Apache Http Server 2.4.16
5
CVSSv2
CVE-2016-0736
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnera...
Apache Http Server 2.4.0
Apache Http Server 2.4.1
Apache Http Server 2.4.2
Apache Http Server 2.4.3
Apache Http Server 2.4.6
Apache Http Server 2.4.7
Apache Http Server 2.4.8
Apache Http Server 2.4.9
Apache Http Server 2.4.10
Apache Http Server 2.4.12
Apache Http Server 2.4.14
Apache Http Server 2.4.16
1 EDB exploit
2.6
CVSSv2
CVE-2012-2687
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x prior to 2.4.3, when the MultiViews option is enabled, allow remote malicious users to inject arbitrary web scr...
Apache Http Server 2.2.0
Apache Http Server 2.2.1
Apache Http Server 2.2.2
Apache Http Server 2.2.3
Apache Http Server 2.2.4
Apache Http Server 2.2.6
Apache Http Server 2.2.8
Apache Http Server 2.2.9
Apache Http Server 2.2.10
Apache Http Server 2.2.11
Apache Http Server 2.2.12
Apache Http Server 2.2.13
4.3
CVSSv2
CVE-2012-3499
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x prior to 2.2.24-dev and 2.4.x prior to 2.4.4 allow remote malicious users to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3)...
Apache Http Server 2.2
Apache Http Server 2.2.0
Apache Http Server 2.2.1
Apache Http Server 2.2.2
Apache Http Server 2.2.3
Apache Http Server 2.2.4
Apache Http Server 2.2.6
Apache Http Server 2.2.8
Apache Http Server 2.2.9
Apache Http Server 2.2.10
Apache Http Server 2.2.11
Apache Http Server 2.2.12
1 Github repository
4.3
CVSSv2
CVE-2012-4558
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x prior to 2.2.24-dev and 2.4.x prior to 2.4.4 allow remote malicious users to inje...
Apache Http Server 2.2
Apache Http Server 2.2.0
Apache Http Server 2.2.1
Apache Http Server 2.2.2
Apache Http Server 2.2.3
Apache Http Server 2.2.4
Apache Http Server 2.2.6
Apache Http Server 2.2.8
Apache Http Server 2.2.9
Apache Http Server 2.2.10
Apache Http Server 2.2.11
Apache Http Server 2.2.12
9.8
CVSSv3
CVE-2023-25690
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 up to and including 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches...
Apache Http Server
8 Github repositories
6
CVSSv2
CVE-2019-0215
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
Apache Http Server 2.4.37
Apache Http Server 2.4.38
Fedoraproject Fedora 29
Fedoraproject Fedora 30
5.8
CVSSv2
CVE-2019-10098
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
Apache Http Server
1 EDB exploit
7.5
CVSSv3
CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and previous versions.
Apache Http Server
Preferred Score:
CVSSv2
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-21317
CVE-2025-23940
buffer overflow
CVE-2025-21335
CVE-2025-23860
CVE-2024-57704
SSTI
wireless
CVE-2019-3309
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »