11632 matches found

F5 Networks
added 2023/02/21 6:34 p.m. | 44 views

K23153696: Apache HTTPD vulnerability CVE-2020-1927

Security Advisory Description: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. CVE-2020-1927. Impact: An attacker can abuse...

CVSS 6.1 | AI score 6.8 | EPSS 0.56691
Exploits: 0 | Affected Software: 16
F5 Networks
added 2023/02/21 6:34 p.m. | 46 views

K22893952: Apache vulnerability CVE-2019-0190

Security Advisory Description: A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when...

CVSS 7.5 | AI score 6.9 | EPSS 0.59942
Exploits: 0
F5 Networks
added 2023/02/21 6:33 p.m. | 42 views

K48373922: Apache vulnerability CVE-2018-8011

Security Advisory Description: By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). CVE-2018-8011. Impact: There is no impac...

CVSS 7.5 | AI score 6.4 | EPSS 0.51714
Exploits: 0
F5 Networks
added 2023/02/21 6:33 p.m. | 105 views

K67175700: Apache vulnerabilities CVE-2020-9490, CVE-2020-11984, CVE-2020-11993

Security Advisory Description: CVE-2020-9490: Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via...

CVSS 9.8 | AI score 6.5 | EPSS 0.90039
Exploits: 4
F5 Networks
added 2023/02/21 6:31 p.m. | 26 views

K15320: Apache vulnerability CVE-2014-0098

Security Advisory Description: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation...

CVSS 5 | AI score 7.2 | EPSS 0.25999
Exploits: 2 | Affected Software: 1
F5 Networks
added 2023/02/21 6:30 p.m. | 294 views

K13114: Apache Range header vulnerability - CVE-2011-3192

Security Advisory Description: The byte-range filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial-of-service (memory and CPU consumption) using a Range header that expresses multiple overlapping ranges. When this vulnerabili...

CVSS 7.8 | AI score 8.3 | EPSS 0.98945
Exploits: 17 | Affected Software: 12
F5 Networks
added 2023/02/21 6:29 p.m. | 26 views

K15877: Apache vulnerability CVE-2013-1862

Security Advisory Description: mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequen...

CVSS 5.1 | AI score 9.5 | EPSS 0.24886
Exploits: 2 | Affected Software: 18
F5 Networks
added 2023/02/21 6:28 p.m. | 36 views

K17202: Apache HTTP server vulnerability CVE-2012-3502

Security Advisory Description: The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remot...

CVSS 4.3 | AI score 8.1 | EPSS 0.09895
Exploits: 1
F5 Networks
added 2023/02/21 6:28 p.m. | 29 views

K17201: Apache HTTP server vulnerability CVE-2008-0455

Security Advisory Description: Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitra...

CVSS 4.3 | AI score 5.7 | EPSS 0.6477
Exploits: 1 | Affected Software: 18
F5 Networks
added 2023/02/21 6:28 p.m. | 34 views

K17189: Apache HTTP server vulnerability CVE-2008-0456

Security Advisory Description: CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP...

CVSS 2.6 | AI score 6.8 | EPSS 0.19036
Exploits: 1 | Affected Software: 18
F5 Networks
added 2023/02/21 6:28 p.m. | 1470 views

K12636: Slowloris denial-of-service attack vulnerability CVE-2007-6750

Security Advisory Description: The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15. CVE-2007-6750. Impact: The Slowlori...

CVSS 5 | AI score 8 | EPSS 0.71634
Exploits: 1 | Affected Software: 17
F5 Networks
added 2023/02/21 6:27 p.m. | 288 views

K53280389: Apache HTTP server vulnerability CVE-2021-44790

Security Advisory Description: A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache...

CVSS 9.8 | AI score 8.9 | EPSS 0.97108
Exploits: 4
F5 Networks
added 2023/02/21 6:26 p.m. | 54 views

K16879: Apache Portable Runtime vulnerability CVE-2011-1928

Security Advisory Description: The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of...

AI score 8
Exploits: 0
F5 Networks
added 2023/02/21 6:26 p.m. | 93 views

K15889: Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053

Security Advisory Description: CVE-2011-3368: The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allo...

CVSS 4.6 | AI score 8.3 | EPSS 0.82756
Exploits: 9 | Affected Software: 12
F5 Networks
added 2023/02/21 6:26 p.m. | 37 views

K15901: Apache HTTP server vulnerability CVE-2012-2687

Security Advisory Description: Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web scri...

CVSS 2.6 | AI score 7.6 | EPSS 0.22515
Exploits: 2 | Affected Software: 17
F5 Networks
added 2023/02/21 6:19 p.m. | 55 views

K17236: Apache HTTP server vulnerability CVE-2015-3185

Security Advisory Description: The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass...

CVSS 4.3 | AI score 6.4 | EPSS 0.18795
Exploits: 0
F5 Networks
added 2023/02/21 6:11 p.m. | 49 views

K15904: Multiple third-party application-server vulnerabilities

Security Advisory Description: CVE-2003-1418: Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). CVE-2004-2320: The...

CVSS 8.1 | AI score 7.3 | EPSS 0.25061
Exploits: 3
F5 Networks
added 2023/02/21 6:1 p.m. | 85 views

K20979231: Apache vulnerability CVE-2011-3639

Security Advisory Description: The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy,...

CVSS 4.3 | AI score 7.9 | EPSS 0.52531
Exploits: 2 | Affected Software: 1
F5 Networks
added 2023/02/21 5:33 p.m. | 58 views

K52470083: Apache vulnerability CVE-2010-0408

Security Advisory Description: The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server...

CVSS 5 | AI score 8.1 | EPSS 0.20787
Exploits: 1
F5 Networks
added 2023/02/21 5:29 p.m. | 60 views

K80080243: Apache vulnerability CVE-2009-3095

Security Advisory Description: The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a...

CVSS 5 | AI score 6 | EPSS 0.1256
Exploits: 2