Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-0216
The default configuration of the apache2 package in Debian GNU/Linux squeeze prior to 2.2.16-6+squeeze7, wheezy prior to 2.2.22-4, and sid prior to 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct c...
Debian Apache2
NA
CVE-2013-1048
The Debian apache2ctl script in the apache2 package squeeze prior to 2.2.16-6+squeeze11, wheezy prior to 2.2.22-13, and sid prior to 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to...
Debian Apache2
NA
CVE-2007-5000
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 up to and including 1.3.39 and 2.0.35 up to and including 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 up to and including 2.2.6 allows remote malicious u...
Apache Http Server
Fedoraproject Fedora 8
Fedoraproject Fedora 7
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 6.06
Opensuse Opensuse 10.2
Suse Linux Enterprise Server 9
Opensuse Opensuse 10.3
Suse Linux Enterprise Server 10
Suse Linux Enterprise Desktop 9
Oracle Http Server 10.1.3.5.0
NA
CVE-2007-6421
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 up to and including 2.2.6 allows remote malicious users to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
Apache Http Server 2.2
Apache Http Server 2.2.2
Apache Http Server 2.2.4
Apache Http Server 2.2.6
Apache Http Server 2.2.3
Apache Http Server 2.2.1
Apache Http Server -
NA
CVE-2007-6422
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 up to and including 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
Apache Http Server 2.2
Apache Http Server 2.2.2
Apache Http Server 2.2.4
Apache Http Server 2.2.6
Apache Http Server 2.2.3
Apache Http Server 2.2.1
Apache Http Server -
NA
CVE-2008-0005
mod_proxy_ftp in Apache 2.2.x prior to 2.2.7-dev, 2.0.x prior to 2.0.62-dev, and 1.3.x prior to 1.3.40-dev does not define a charset, which allows remote malicious users to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
Apache Http Server
Fedoraproject Fedora 8
Fedoraproject Fedora 7
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 6.06
NA
CVE-2007-4465
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server prior to 2.2.6, when the charset on a server-generated page is not defined, allows remote malicious users to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE...
Apache Http Server
NA
CVE-2007-6388
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 up to and including 2.2.6, 2.0.35 up to and including 2.0.61, and 1.3.2 up to and including 1.3.39, when the server-status page is enabled, allows remote malicious users to inject arbitrary web...
Apache Http Server
NA
CVE-2007-3304
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUS...
Apache Http Server
Fedoraproject Fedora 7
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 5.0
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 6.06
NA
CVE-2006-5752
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors in...
Apache Http Server
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 6.06
Fedoraproject Fedora 7
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Desktop 3.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 4.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Server 4.0
Redhat Enterprise Linux Workstation 4.0
Redhat Enterprise Linux Workstation 3.0
Redhat Enterprise Linux Server 3.0
Redhat Enterprise Linux Eus 4.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »