Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache http server 2.4.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-3502
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x prior to 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remo...
Apache Http Server 2.4.0
Apache Http Server 2.4.1
Apache Http Server 2.4.2
7.5
CVSSv3
CVE-2016-0736
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnera...
Apache Http Server 2.4.0
Apache Http Server 2.4.1
Apache Http Server 2.4.2
Apache Http Server 2.4.3
Apache Http Server 2.4.6
Apache Http Server 2.4.7
Apache Http Server 2.4.8
Apache Http Server 2.4.9
Apache Http Server 2.4.10
Apache Http Server 2.4.12
Apache Http Server 2.4.14
Apache Http Server 2.4.16
1 EDB exploit
7.5
CVSSv3
CVE-2016-2161
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
Apache Http Server 2.4.0
Apache Http Server 2.4.1
Apache Http Server 2.4.2
Apache Http Server 2.4.3
Apache Http Server 2.4.6
Apache Http Server 2.4.7
Apache Http Server 2.4.8
Apache Http Server 2.4.9
Apache Http Server 2.4.10
Apache Http Server 2.4.12
Apache Http Server 2.4.14
Apache Http Server 2.4.16
NA
CVE-2012-2687
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x prior to 2.4.3, when the MultiViews option is enabled, allow remote malicious users to inject arbitrary web scr...
Apache Http Server 2.2.0
Apache Http Server 2.2.1
Apache Http Server 2.2.2
Apache Http Server 2.2.3
Apache Http Server 2.2.4
Apache Http Server 2.2.6
Apache Http Server 2.2.8
Apache Http Server 2.2.9
Apache Http Server 2.2.10
Apache Http Server 2.2.11
Apache Http Server 2.2.12
Apache Http Server 2.2.13
NA
CVE-2012-4558
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x prior to 2.2.24-dev and 2.4.x prior to 2.4.4 allow remote malicious users to inje...
Apache Http Server 2.2
Apache Http Server 2.2.0
Apache Http Server 2.2.1
Apache Http Server 2.2.2
Apache Http Server 2.2.3
Apache Http Server 2.2.4
Apache Http Server 2.2.6
Apache Http Server 2.2.8
Apache Http Server 2.2.9
Apache Http Server 2.2.10
Apache Http Server 2.2.11
Apache Http Server 2.2.12
NA
CVE-2012-3499
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x prior to 2.2.24-dev and 2.4.x prior to 2.4.4 allow remote malicious users to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3)...
Apache Http Server 2.2
Apache Http Server 2.2.0
Apache Http Server 2.2.1
Apache Http Server 2.2.2
Apache Http Server 2.2.3
Apache Http Server 2.2.4
Apache Http Server 2.2.6
Apache Http Server 2.2.8
Apache Http Server 2.2.9
Apache Http Server 2.2.10
Apache Http Server 2.2.11
Apache Http Server 2.2.12
1 Github repository
NA
CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x up to and including 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote malicious user...
Apache Http Server 2.4.1
Apache Http Server 2.4.2
Apache Http Server 2.4.3
Apache Http Server 2.4.4
Apache Http Server 2.4.6
Apache Http Server 2.4.7
Apache Http Server 2.4.9
Apache Http Server 2.4.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
NA
CVE-2012-0883
envvars (aka envvars-std) in the Apache HTTP Server prior to 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
Apache Http Server
Apache Http Server 2.4.1
Opensuse Opensuse 11.4
Opensuse Opensuse 12.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-44852
CVE-2024-3400
CVE-2024-30129
insecure direct object reference
CVE-2024-12115
CVE-2024-11220
CVE-2024-51378
privilege escalation
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started