According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.41. It is, therefore, affected by multiple vulnerabilities:

A cross-site scripting (XSS) vulnerability exists in mod_proxy when proxying is enabled and Proxy Error page is displayed. (CVE-2019-10092)
An open redirect vulnerability exists in mod_rewrite when using self-referential redirects. (CVE-2019-10098)
A read-after-free vulnerability exists in mod_http2 during connection shutdown. (CVE-2019-10082)
A memory corruption vulnerability exists in mod_http2 on early pushes. (CVE-2019-10081)
A denial of service (DoS) vulnerability exists in mod_http2 by exhausting h2 workers. (CVE-2019-9517)
A stack buffer overflow and NULL pointer dereference vulnerabilities exist in mod_remoteip when using a specially crafted PROXY header. (CVE-2019-10097)

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data

VendorProductVersionCPE
apachehttp_server*cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	http_server	*	cpe:2.3:a:apache:http_server::::::::

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10097

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517

archive.apache.org/dist/httpd/CHANGES_2.4.41

httpd.apache.org/security/vulnerabilities_24.html#2.4.41

nessus 44

debian 6

amazon 3

ibm 11

openvas 31

kaspersky 1

slackware 1

mageia 1

freebsd 2

suse 1

gentoo 1

osv 11

ubuntu 2

photon 6

fedora 4

redhat 7

almalinux 1

rocky 1

oraclelinux 1

symantec 2

httpd 6

alpinelinux 6

ubuntucve 6

f5 5

prion 7

hackerone 3

cve 7

redhatcve 6

debiancve 6

zdt 2

veracode 3

nuclei 2

checkpoint_advisories 1

githubexploit 1

archlinux 1

nessus

FreeBSD : Apache -- Multiple vulnerabilities (caf545f2-c0d9-11e9-9051-4c72b94353b5) (Internal Data Buffering)

2019-08-20 00:00:00

SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:2237-1) (Internal Data Buffering)

2019-08-29 00:00:00

Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2020-091-02) (Internal Data Buffering)

2020-04-02 00:00:00

debian

[SECURITY] [DSA 4509-1] apache2 security update

2019-08-26 19:52:07

[SECURITY] [DSA 4509-1] apache2 security update

2019-08-26 19:52:07

[SECURITY] [DLA 1900-1] apache2 security update

2019-08-28 22:39:55

amazon

Medium: httpd24

2019-10-18 23:22:00

Medium: httpd

2019-10-28 17:42:00

Important: mod_http2

2019-10-28 17:43:00

ibm

Security Bulletin: Multiple vulnerabilities in the IBM i HTTP Server affect IBM i.

2019-12-18 14:26:38

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2019-9517, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098)

2019-09-30 12:42:18

Security Bulletin: Aspera Web Applications (Faspex, Console, Shares) are affected by Apache Vulnerabilities (CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098), )

2020-02-07 02:02:44

openvas

Mageia: Security Advisory (MGASA-2019-0407)

2022-01-28 00:00:00

Debian: Security Advisory (DSA-4509-3)

2019-08-27 00:00:00

openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:2051-1)

2019-09-03 00:00:00

kaspersky

KLA12366 Multiple vulnerabilities in Apache HTTP Server

2019-08-14 00:00:00

slackware

[slackware-security] httpd

2020-03-31 19:45:57

mageia

Updated apache packages fix security vulnerabilities

2019-12-25 22:08:41

freebsd

Apache -- Multiple vulnerabilities

2019-08-14 00:00:00

Apache -- Multiple vulnerabilities

2020-04-01 00:00:00

suse

Security update for apache2 (important)

2019-09-02 00:00:00

gentoo

Apache: Multiple vulnerabilities

2019-09-06 00:00:00

osv

apache2 - security update

2019-08-26 00:00:00

apache2 - security update

2019-08-28 00:00:00

Moderate: httpd:2.4 security, bug fix, and enhancement update

2020-11-03 12:33:02

ubuntu

Apache HTTP Server regression

2019-09-17 00:00:00

Apache HTTP Server vulnerabilities

2019-08-29 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0253

2019-10-15 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0178

2019-10-03 00:00:00

Critical Photon OS Security Update - PHSA-2019-0253

2019-10-15 00:00:00

fedora

[SECURITY] Fedora 29 Update: httpd-2.4.41-1.fc29

2019-09-30 01:39:18

[SECURITY] Fedora 30 Update: httpd-2.4.41-1.fc30

2019-08-23 01:27:58

[SECURITY] Fedora 29 Update: mod_md-2.0.8-3.fc29

2019-09-30 01:39:18

redhat

(RHSA-2020:1336) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update

2020-04-06 19:02:18

(RHSA-2020:1337) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update

2020-04-06 19:02:25

(RHSA-2020:4751) Moderate: httpd:2.4 security, bug fix, and enhancement update

2020-11-03 12:33:02

almalinux

Moderate: httpd:2.4 security, bug fix, and enhancement update

2020-11-03 12:33:02

rocky

httpd:2.4 security, bug fix, and enhancement update

2020-11-03 12:33:02

oraclelinux

httpd:2.4 security, bug fix, and enhancement update

2020-11-10 00:00:00

symantec

Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020

2020-06-12 20:41:37

HTTP/2 CVE-2019-9517 Remote Denial of Service Vulnerability

2019-08-13 00:00:00

httpd

Apache Httpd < 2.4.41 : CVE-2019-10097 mod_remoteip: Stack buffer overflow and NULL pointer dereference

2019-07-23 00:00:00

Apache Httpd < 2.4.41 : mod_http2, read-after-free in h2 connection shutdown

2019-04-12 00:00:00

Apache Httpd < 2.4.41 : Limited cross-site scripting in mod_proxy error page

2019-07-09 00:00:00

alpinelinux

CVE-2019-10097

2019-09-26 16:15:00

CVE-2019-10082

2019-09-26 16:15:00

CVE-2019-10092

2019-09-26 16:15:00

ubuntucve

CVE-2019-10097

2019-08-14 00:00:00

CVE-2019-10082

2019-08-14 00:00:00

CVE-2019-10098

2019-08-14 00:00:00

K54207009 : Apache mod_remoteip vulnerability CVE-2019-10097

2019-09-09 00:00:00

K82200103 : Apache mod_http2 vulnerability CVE-2019-10082

2019-09-03 00:00:00

K25126370 : Apache HTTPD vulnerability CVE-2019-10098

2019-09-17 00:00:00

prion

Session fixation

2019-09-26 16:15:00

Code injection

2019-09-25 17:15:00

Null pointer dereference

2019-09-26 16:15:00

hackerone

Internet Bug Bounty: mod_http2, read-after-free in h2 connection shutdown (CVE-2019-10082)

2019-08-23 13:38:25

Internet Bug Bounty: mod_remoteip stack buffer overflow and NULL pointer dereference

2019-08-15 14:42:13

Internet Bug Bounty: mod_http2, memory corruption on early pushes (CVE-2019-10081)

2019-08-20 14:14:29

cve

CVE-2019-10082

2019-09-26 16:15:00

CVE-2019-10098

2019-09-25 17:15:00

CVE-2019-10097

2019-09-26 16:15:00

redhatcve

CVE-2019-10082

2020-04-07 04:56:13

CVE-2019-10097

2020-04-01 20:22:36

CVE-2019-10092

2020-04-07 04:56:12

debiancve

CVE-2019-10098

2019-09-25 17:15:00

CVE-2019-10097

2019-09-26 16:15:00

CVE-2019-10082

2019-09-26 16:15:00

zdt

Apache Httpd mod_rewrite - Open Redirects Vulnerability

2019-11-19 00:00:00

Apache Httpd mod_proxy - Error Page Cross-Site Scripting Vulnerability

2019-11-19 00:00:00

veracode

Denial Of Service (DoS)

2020-04-07 00:46:41

Open Redirects

2020-05-27 03:19:07

Denial Of Service (DoS)

2019-10-01 00:17:28

nuclei

Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect

2023-06-14 17:14:42

Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting

2021-01-09 14:45:11

checkpoint_advisories

Apache httpd Server Buffer Overflow (CVE-2019-10097)

2020-03-05 00:00:00

githubexploit

Exploit for Cross-site Scripting in Apache Http Server

2019-12-18 14:15:13

archlinux

[ASA-202004-14] apache: multiple issues

2020-04-15 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for WEB_APPLICATION_SCANNING_98669