5843 matches found
PT-2025-23291 · Undefined · Undefined
CVE-2022-26056 - Apache HTTP Server XML External Entity XXE Injection CVE ID : CVE-2022-26056 Published : May 28, 2025, 5:15 p.m. | 16 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit...
PT-2025-23353 · Undefined · Undefined
CVE-2022-46734 - Apache HTTP Server Unvalidated Redirect CVE ID : CVE-2022-46734 Published : May 28, 2025, 7:15 p.m. | 2 hours, 15 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the...
PT-2025-23232 · Undefined · Undefined
CVE-2022-21200 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2022-21200 Published : May 27, 2025, 11:15 p.m. | 2 hours, 15 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit th...
PT-2025-22975 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a credentials disclosure problem. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...
PT-2025-23162 · Undefined · Undefined
CVE-2022-0003 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2022-0003 Published : May 27, 2025, 4:15 p.m. | 1 hour, 15 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit...
PT-2025-22973 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a Cross-Site Request Forgery in the Apache HTTP Server. No specific details about affected devices or real-world incidents are provided. Recommendations: At th...
CVE-2021-29641
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...
CVE-2020-25073
FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service or from PageKite is considered a local connection. This affects both the freedombox and plinth packages of some...
CVE-2019-17104
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set...
CVE-2019-19791
In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...
CVE-2018-20932
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains SEC-406...
CVE-2019-13980
In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads//originals remote code execution with nginx...
CVE-2014-5329
GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...
CVE-2013-1048
The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...
CVE-2016-10796
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files SEC-130...
CVE-2012-4001
The modpagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers...
CVE-2009-3890
Unrestricted file upload vulnerability in the wpcheckfiletype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the modmime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an...
CVE-2003-1580
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-lev...
CVE-2005-4814
Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory...
Exploit for Use of Less Trusted Source in Apache Http_Server
CVE-2022-31813 Vulnerability Checker Author: Derek Odiorn...