Lucene search
K
HttpdMost viewed

271 matches found

Apache Httpd
Apache Httpd
•added 2001/10/12 12:0 a.m.•61 views

Apache Httpd < 1.3.22 : split-logfile can cause arbitrary log files to be written to

A vulnerability was found in the split-logfile support program. A request with a specially crafted Host: header could allow any file with a .log extension on the system to be written to...

5CVSS1.3AI score0.11922EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2017/06/30 12:0 a.m.•60 views

Apache Httpd < 2.4.27 : Read after free in mod_http2

When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour...

7.5CVSS1.5AI score0.09507EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2011/09/16 12:0 a.m.•59 views

Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure

An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...

5CVSS1.5AI score0.90734EPSS
Exploits12Affected Software1
Apache Httpd
Apache Httpd
•added 2007/12/15 12:0 a.m.•59 views

Apache Httpd < 2.2.8 : mod_status XSS

A flaw was found in the modstatus module. On sites where modstatus is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available...

4.3CVSS0.5AI score0.75891EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2007/12/12 12:0 a.m.•59 views

Apache Httpd < 2.2.8 : mod_proxy_balancer XSS

A flaw was found in the modproxybalancer module. On sites where modproxybalancer is enabled, a cross-site scripting attack against an authorized user is possible...

3.5CVSS0.4AI score0.08324EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2015/04/04 12:0 a.m.•58 views

Apache Httpd < 2.2.31 : HTTP request smuggling attack against chunked request parser

An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...

5CVSS6.2AI score0.73327EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2012/08/16 12:0 a.m.•58 views

Apache Httpd < 2.4.3 : Response mixup when using mod_proxy_ajp or mod_proxy_http

The modules modproxyajp and modproxyhttp did not always close the connection to the back end server when necessary as part of error handling. This could lead to an information disclosure due to a response mixup between users...

4.3CVSS0.4AI score0.09555EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2012/05/31 12:0 a.m.•58 views

Apache Httpd < 2.4.3 : XSS in mod_negotiation when untrusted uploads are supported

Possible XSS for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455...

4.3CVSS0.1AI score0.6477EPSS
Exploits3Affected Software1
Apache Httpd
Apache Httpd
•added 2002/05/27 12:0 a.m.•58 views

Apache Httpd < 2.0.37 : Apache Chunked encoding vulnerability

Malicious requests can cause various effects ranging from a relatively harmless increase in system resources through to denial of service attacks and in some cases the ability to execute arbitrary remote code...

7.5CVSS3AI score0.95027EPSS
Exploits8Affected Software1
Apache Httpd
Apache Httpd
•added 2009/12/30 12:0 a.m.•57 views

Apache Httpd < 1.3.42 : mod_proxy overflow on 64-bit systems

An incorrect conversion between numeric types flaw was found in the modproxy module which affects some 64-bit architecture systems. A malicious HTTP server to which requests are being proxied could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted...

6.8CVSS3.3AI score0.43421EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2009/03/09 12:0 a.m.•57 views

Apache Httpd < 2.2.12 : AllowOverride Options handling bypass

A flaw was found in the handling of the "Options" and "AllowOverride" directives. In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended...

4.9CVSS2.1AI score0.01955EPSS
Exploits4Affected Software1
Apache Httpd
Apache Httpd
•added 2008/05/29 12:0 a.m.•57 views

Apache Httpd < 2.0.64 : mod_proxy_http DoS

A flaw was found in the handling of excessive interim responses from an origin server when using modproxyhttp. A remote attacker could cause a denial of service or high memory usage...

5CVSS1.8AI score0.12714EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2004/08/25 12:0 a.m.•57 views

Apache Httpd < 2.0.51 : IPv6 URI parsing heap overflow

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...

5CVSS1.2AI score0.21769EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2009/06/30 12:0 a.m.•56 views

Apache Httpd < 2.2.12 : mod_proxy reverse proxy DoS

A denial of service flaw was found in the modproxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time...

7.1CVSS2.3AI score0.16159EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2006/07/21 12:0 a.m.•56 views

Apache Httpd < 2.2.3 : mod_rewrite off-by-one error

An off-by-one flaw exists in the Rewrite module, modrewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely...

7.6CVSS1.4AI score0.96436EPSS
Exploits20Affected Software1
Apache Httpd
Apache Httpd
•added 2002/09/20 12:0 a.m.•56 views

Apache Httpd < 1.3.27 : Error page XSS using wildcard DNS

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header...

6.8CVSS3.9AI score0.94006EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2007/10/23 12:0 a.m.•55 views

Apache Httpd < 2.0.63 : mod_imagemap XSS

A flaw was found in the modimagemap module. On sites where modimagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible...

4.3CVSS0.1AI score0.46603EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2007/10/12 12:0 a.m.•55 views

Apache Httpd < 2.2.9 : mod_proxy_balancer CSRF

The modproxybalancer provided an administrative interface that could be vulnerable to cross-site request forgery CSRF attacks...

4.3CVSS1.5AI score0.09114EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2018/06/29 12:0 a.m.•54 views

Apache Httpd < 2.4.34 : mod_md, DoS via Coredumps on specially crafted requests

By specially crafting HTTP requests, the modmd challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server...

7.5CVSS0.8AI score0.51714EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2009/08/05 12:0 a.m.•54 views

Apache Httpd < 2.2.14 : Solaris pollset DoS

Faulty error handling was found affecting Solaris pollset support Event Port backend caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service...

7.5CVSS2AI score0.14173EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2007/10/23 12:0 a.m.•54 views

Apache Httpd < 2.2.8 : mod_imagemap XSS

A flaw was found in the modimagemap module. On sites where modimagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible...

4.3CVSS0.1AI score0.46603EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2006/05/15 12:0 a.m.•54 views

Apache Httpd < 1.3.39 : Signals to arbitrary processes

The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service...

4.7CVSS0.9AI score0.03298EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2005/10/14 12:0 a.m.•54 views

Apache Httpd < 2.0.55 : Worker MPM memory leak

A memory leak in the worker MPM would allow remote attackers to cause a denial of service memory consumption via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. This issue was downgraded in severity to low from moderate as sucessful...

5CVSS3.8AI score0.1419EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2012/07/11 12:0 a.m.•53 views

Apache Httpd < 2.4.4 : XSS due to unescaped hostnames

Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp...

4.3CVSS0.9AI score0.22913EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2007/12/15 12:0 a.m.•52 views

Apache Httpd < 2.0.63 : mod_proxy_ftp UTF-7 XSS

A workaround was added in the modproxyftp module. On sites where modproxyftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616...

4.3CVSS1.1AI score0.14611EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2006/05/15 12:0 a.m.•52 views

Apache Httpd < 2.2.6 : Signals to arbitrary processes

The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service...

4.7CVSS0.9AI score0.03298EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2003/06/08 12:0 a.m.•52 views

Apache Httpd < 1.3.32 : mod_proxy buffer overflow

A buffer overflow was found in the Apache proxy module, modproxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue an attacker would need to get an Apache installation that was configured as a proxy to connect to a malicious site. This would cau...

10CVSS2.1AI score0.33639EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2017/05/06 12:0 a.m.•51 views

Apache Httpd < 2.2.34 : ap_find_token() Buffer Overread

The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force...

7.5CVSS2AI score0.57472EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2009/06/06 12:0 a.m.•51 views

Apache Httpd < 2.2.12 : APR-util XML DoS

A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language XML parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine...

7.5CVSS2.5AI score0.52988EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2008/07/28 12:0 a.m.•51 views

Apache Httpd < 2.2.10 : mod_proxy_ftp globbing XSS

A flaw was found in the handling of wildcards in the path of a FTP URL with modproxyftp. If modproxyftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting XSS attacks...

4.3CVSS0.1AI score0.38953EPSS
Exploits4Affected Software1
Apache Httpd
Apache Httpd
•added 2006/07/21 12:0 a.m.•51 views

Apache Httpd < 1.3.37 : mod_rewrite off-by-one error

An off-by-one flaw exists in the Rewrite module, modrewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely...

7.6CVSS1.4AI score0.96436EPSS
Exploits20Affected Software1
Apache Httpd
Apache Httpd
•added 2003/04/09 12:0 a.m.•51 views

Apache Httpd < 2.0.46 : APR remote crash

A vulnerability in the aprpsprintf function in the Apache Portable Runtime APR library allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via long strings, as demonstrated using XML objects to moddav, and possibly other vectors...

5CVSS6.8AI score0.63456EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2002/08/07 12:0 a.m.•51 views

Apache Httpd < 2.0.40 : Path vulnerability

Certain URIs would bypass security and allow users to invoke or access any file depending on the system configuration. Affects Windows, OS2, Netware and Cygwin platforms only...

7.5CVSS2.7AI score0.69698EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2002/07/05 12:0 a.m.•51 views

Apache Httpd < 2.0.40 : Path revealing exposures

A path-revealing exposure was present in multiview type map negotiation such as the default error documents where a module would report the full path of the typemapped .var file when multiple documents or no documents could be served. Additionally a path-revealing exposure in cgi/cgid when Apache...

5CVSS0.1AI score0.58676EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2002/02/13 12:0 a.m.•51 views

Apache Httpd < 1.3.24 : Win32 Apache Remote command execution

Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to execute arbitrary commands via parameters passed to batch file CGI scripts...

7.5CVSS6.7AI score0.50371EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2010/05/04 12:0 a.m.•50 views

Apache Httpd < 2.0.64 : mod_cache and mod_dav DoS

A flaw was found in the handling of requests by modcache 2.2 and moddav 2.0 and 2.2. A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated a...

5CVSS2.3AI score0.2187EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2009/09/04 12:0 a.m.•50 views

Apache Httpd < 2.2.14 : mod_proxy_ftp DoS

A NULL pointer dereference flaw was found in the modproxyftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service...

2.6CVSS0.6AI score0.08566EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2004/10/01 12:0 a.m.•50 views

Apache Httpd < 2.0.53 : SSLCipherSuite bypass

An issue has been discovered in the modssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any...

7.5CVSS1.4AI score0.13835EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2002/10/03 12:0 a.m.•50 views

Apache Httpd < 2.0.43 : CGI scripts source revealed using WebDAV

In Apache 2.0.42 only, for a location where both WebDAV and CGI were enabled, a POST request to a CGI script would reveal the CGI source to a remote user...

5CVSS0.1AI score0.1346EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2015/01/28 12:0 a.m.•49 views

Apache Httpd < 2.4.16 : mod_lua: Crash in websockets PING handling

A stack recursion crash in the modlua module was found. A Lua script executing the r:wsupgrade function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive...

5CVSS8.7AI score0.18812EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2013/03/13 12:0 a.m.•49 views

Apache Httpd < 2.0.65 : mod_rewrite log escape filtering

modrewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

5.1CVSS1.5AI score0.24886EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2006/10/19 12:0 a.m.•49 views

Apache Httpd < 1.3.39 : mod_status cross-site scripting

A flaw was found in the modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...

4.3CVSS0.5AI score0.27783EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2003/04/30 12:0 a.m.•49 views

Apache Httpd < 2.0.47 : mod_ssl renegotiation issue

A bug in the optional renegotiation code in modssl included with Apache httpd can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used SSLOptions +OptRenegotiate along with verification of client certificates and a change to the cipher suite over the...

6.4CVSS1AI score0.05993EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2003/02/24 12:0 a.m.•49 views

Apache Httpd < 2.0.46 : Filtered escape sequences

Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

5CVSS1.7AI score0.17413EPSS
Exploits8Affected Software1
Apache Httpd
Apache Httpd
•added 2011/12/30 12:0 a.m.•48 views

Apache Httpd < 2.2.22 : mod_log_config crash

A flaw was found in modlogconfig. If the '%cookienameC' log format string is in use, a remote attacker could send a specific cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...

2.6CVSS1AI score0.30809EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2009/12/18 12:0 a.m.•48 views

Apache Httpd < 2.2.17 : expat DoS

A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document for example through moddav may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...

5CVSS2AI score0.24313EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2003/08/04 12:0 a.m.•48 views

Apache Httpd < 1.3.29 : Local configuration regular expression overflow

By using a regular expression with more than 9 captures a buffer overflow can occur in modalias or modrewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file .htaccess or httpd.conf...

7.2CVSS1.3AI score0.1273EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2003/07/04 12:0 a.m.•48 views

Apache Httpd < 1.3.28 : RotateLogs DoS

The rotatelogs support program on Win32 and OS/2 would quit logging and exit if it received special control characters such as 0x1A...

5CVSS2.5AI score0.13429EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2011/08/20 12:0 a.m.•47 views

Apache Httpd < 2.0.65 : Range header remote DoS

A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack. Advisory...

7.8CVSS2.4AI score0.98945EPSS
Exploits17Affected Software1
Apache Httpd
Apache Httpd
•added 2010/07/23 12:0 a.m.•47 views

Apache Httpd < 2.2.10 : Timeout detection flaw (mod_proxy_http)

An information disclosure flaw was found in modproxyhttp in version 2.2.9 only, on Unix platforms. Under certain timeout conditions, the server could return a response intended for another user. Only those configurations which trigger the use of proxy worker pools are affected. There was no...

5CVSS1.1AI score0.08284EPSS
Exploits1Affected Software1
Total number of security vulnerabilities271