Lucene search
K
HttpdMost viewed

271 matches found

Apache Httpd
Apache Httpd
•added 2010/03/03 12:0 a.m.•46 views

Apache Httpd < 2.0.64 : apr_bridage_split_line DoS

A flaw was found in the aprbrigadesplitline function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service...

5CVSS2.2AI score0.20167EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2009/06/26 12:0 a.m.•46 views

Apache Httpd < 2.0.64 : mod_deflate DoS

A denial of service flaw was found in the moddeflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause moddeflate to consume large amounts of CPU...

7.1CVSS1AI score0.17111EPSS
Exploits3Affected Software1
Apache Httpd
Apache Httpd
•added 2007/05/02 12:0 a.m.•46 views

Apache Httpd < 2.0.61 : mod_cache proxy DoS

A bug was found in the modcache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module...

5CVSS1.2AI score0.11786EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2003/06/25 12:0 a.m.•46 views

Apache Httpd < 2.0.47 : Remote DoS with multiple Listen directives

In a server with multiple listening sockets a certain error returned by accept on a rarely access port can cause a temporary denial of service, due to a bug in the prefork MPM...

5CVSS1.4AI score0.09108EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2002/11/15 12:0 a.m.•46 views

Apache Httpd < 2.0.44 : Apache can serve unexpected files

On Windows platforms Apache could be forced to serve unexpected files by appending illegal characters such as '' to the request URL...

5CVSS2.4AI score0.05581EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2002/05/08 12:0 a.m.•46 views

Apache Httpd < 2.0.36 : Warning messages could be displayed to users

In some cases warning messages could get returned to end users in addition to being recorded in the error log. This could reveal the path to a CGI script for example, a minor security exposure...

5CVSS6.4AI score0.12458EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2005/12/05 12:0 a.m.•45 views

Apache Httpd < 2.2.2 : mod_ssl access control DoS

A NULL pointer dereference flaw in modssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This...

5.4CVSS1.6AI score0.24286EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2005/12/05 12:0 a.m.•45 views

Apache Httpd < 2.0.58 : mod_ssl access control DoS

A NULL pointer dereference flaw in modssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This...

5.4CVSS1.6AI score0.24286EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2004/09/18 12:0 a.m.•45 views

Apache Httpd < 2.0.52 : Basic authentication bypass

A flaw in Apache 2.0.51 only broke the merging of the Satisfy directive which could result in access being granted to resources despite any configured authentication...

7.5CVSS1.6AI score0.06813EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2004/07/07 12:0 a.m.•45 views

Apache Httpd < 2.0.51 : SSL connection infinite loop

An issue was discovered in the modssl module in Apache 2.0. A remote attacker who forces an SSL connection to be aborted in a particular state may cause an Apache child process to enter an infinite loop, consuming CPU resources...

5CVSS1AI score0.22307EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2004/06/13 12:0 a.m.•45 views

Apache Httpd < 2.0.50 : Header parsing memory leak

A memory leak in parsing of HTTP headers which can be triggered remotely may allow a denial of service attack due to excessive memory consumption...

6.4CVSS4AI score0.84784EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2004/02/25 12:0 a.m.•45 views

Apache Httpd < 1.3.31 : listening socket starvation

A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect som...

7.5CVSS2.1AI score0.11549EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2003/02/24 12:0 a.m.•45 views

Apache Httpd < 1.3.31 : Error log escape filtering

Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

5CVSS1.4AI score0.10872EPSS
Exploits7Affected Software1
Apache Httpd
Apache Httpd
•added 2002/09/24 12:0 a.m.•45 views

Apache Httpd < 2.0.42 : mod_dav crash

A flaw was found in handling of versioning hooks in moddav. An attacker could send a carefully crafted request in such a way to cause the child process handling the connection to crash. This issue will only result in a denial of service where a threaded process model is in use...

5CVSS2.1AI score0.07044EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2015/02/03 12:0 a.m.•44 views

Apache Httpd < 2.4.16 : Crash in ErrorDocument 400 handling

A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only...

5CVSS8.1AI score0.14734EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2014/09/17 12:0 a.m.•44 views

Apache Httpd < 2.4.12 : mod_proxy_fcgi out-of-bounds memory read

An out-of-bounds memory read was found in modproxyfcgi. A malicious FastCGI server could send a carefully crafted response which could lead to a crash when reading past the end of a heap memory or stack buffer. This issue affects version 2.4.10 only...

5CVSS8.3AI score0.10783EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2012/10/07 12:0 a.m.•44 views

Apache Httpd < 2.4.4 : XSS in mod_proxy_balancer

A XSS flaw affected the modproxybalancer manager interface...

4.3CVSS1.4AI score0.22913EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2007/12/15 12:0 a.m.•44 views

Apache Httpd < 1.3.41 : mod_status XSS

A flaw was found in the modstatus module. On sites where modstatus is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available...

4.3CVSS0.5AI score0.75891EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2005/11/01 12:0 a.m.•44 views

Apache Httpd < 2.0.58 : mod_imap Referer Cross-Site Scripting

A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

4.3CVSS2.5AI score0.73692EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2005/07/07 12:0 a.m.•44 views

Apache Httpd < 2.0.55 : Byterange filter DoS

A flaw in the byterange filter would cause some responses to be buffered into memory. If a server has a dynamic resource such as a CGI script or PHP script which generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading ...

5CVSS0.8AI score0.10976EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2004/10/28 12:0 a.m.•44 views

Apache Httpd < 2.0.53 : Memory consumption DoS

An issue was discovered where the field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server the ability to cause Apache children to consume proportional amounts of memory, leading to a denial of...

5CVSS2.1AI score0.55105EPSS
Exploits7Affected Software1
Apache Httpd
Apache Httpd
•added 2004/04/02 12:0 a.m.•44 views

Apache Httpd < 2.0.45 : Line feed memory leak DoS

Apache 2.0 versions before Apache 2.0.45 had a significant Denial of Service vulnerability. Remote attackers could cause a denial of service memory consumption via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed...

5CVSS3.5AI score0.86677EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2003/08/04 12:0 a.m.•44 views

Apache Httpd < 2.0.48 : Local configuration regular expression overflow

By using a regular expression with more than 9 captures a buffer overflow can occur in modalias or modrewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file .htaccess or httpd.conf...

7.2CVSS1.3AI score0.1273EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2000/10/13 12:0 a.m.•44 views

Apache Httpd < 1.3.14 : Mass virtual hosting can display CGI source

A security problem for users of the mass virtual hosting module, modvhostalias, causes the source to a CGI to be sent if the cgi-bin directory is under the document root. However, it is not normal to have your cgi-bin directory under a document root...

5CVSS2.2AI score0.10515EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2013/03/07 12:0 a.m.•43 views

Apache Httpd < 2.4.6 : mod_dav crash

Sending a MERGE request against a URI handled by moddavsvn with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV will trigger a segfault...

4.3CVSS0.1AI score0.29484EPSS
Exploits3Affected Software1
Apache Httpd
Apache Httpd
•added 2012/01/15 12:0 a.m.•43 views

Apache Httpd < 2.0.65 : error responses can expose cookies

A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...

4.3CVSS0.8AI score0.82756EPSS
Exploits4Affected Software1
Apache Httpd
Apache Httpd
•added 2010/02/09 12:0 a.m.•43 views

Apache Httpd < 2.0.64 : mod_isapi module unload flaw

A flaw was found with within modisapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using modisapi, a remote attacker could send a malicious request to trigg...

10CVSS2.8AI score0.94248EPSS
Exploits13Affected Software1
Apache Httpd
Apache Httpd
•added 2007/05/02 12:0 a.m.•43 views

Apache Httpd < 2.2.6 : mod_cache proxy DoS

A bug was found in the modcache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module...

5CVSS1.2AI score0.11786EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2005/10/14 12:0 a.m.•43 views

Apache Httpd < 2.0.55 : Malicious CRL off-by-one

An off-by-one stack overflow was discovered in the modssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list CRL...

5CVSS0.9AI score0.08388EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2004/08/05 12:0 a.m.•43 views

Apache Httpd < 2.0.51 : Environment variable expansion flaw

A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user...

7.8CVSS3AI score0.01607EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2009/07/27 12:0 a.m.•42 views

Apache Httpd < 2.0.64 : APR apr_palloc heap overflow

A flaw in aprpalloc in the bundled copy of APR could cause heap overflows in programs that try to aprpalloc a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses...

10CVSS0.5AI score0.13781EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2005/10/14 12:0 a.m.•42 views

Apache Httpd < 2.0.55 : PCRE overflow

An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within httpd. A local user who has the ability to create .htaccess files could create a maliciously crafted regular expression in such as way that they could gain the privileges of a httpd child...

7.5CVSS1.3AI score0.04344EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2004/03/02 12:0 a.m.•42 views

Apache Httpd < 2.0.53 : mod_disk_cache stores sensitive headers

The experimental moddiskcache module stored client authentication credentials for cached objects such as proxy authentication credentials and Basic Authentication passwords on disk...

2.1CVSS2.7AI score0.035EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2000/02/25 12:0 a.m.•42 views

Apache Httpd < 1.3.12 : Cross-site scripting can reveal private session information

Apache was vulnerable to cross site scripting issues. It was shown that malicious HTML tags can be embedded in client web requests if the server or script handling the request does not carefully encode all information displayed to the user. Using these vulnerabilities attackers could, for example...

4.3CVSS0.6AI score0.23456EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2011/12/30 12:0 a.m.•41 views

Apache Httpd < 2.0.65 : scoreboard parent DoS

A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly...

4.6CVSS0.2AI score0.02905EPSS
Exploits4Affected Software1
Apache Httpd
Apache Httpd
•added 2007/10/23 12:0 a.m.•41 views

Apache Httpd < 1.3.41 : mod_imagemap XSS

A flaw was found in the modimagemap module. On sites where modimagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible...

4.3CVSS0.1AI score0.46603EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2006/12/10 12:0 a.m.•41 views

Apache Httpd < 2.2.6 : mod_proxy crash

A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...

5CVSS1.5AI score0.12901EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2005/10/14 12:0 a.m.•41 views

Apache Httpd < 2.0.55 : HTTP Request Spoofing

A flaw occured when using the Apache server as a HTTP proxy. A remote attacker could send a HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, causing Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server ...

4.3CVSS0.3AI score0.20461EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2003/12/18 12:0 a.m.•41 views

Apache Httpd < 1.3.31 : mod_digest nonce checking

moddigest does not properly verify the nonce of a client response by using a AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that moddigest implements an older version of the MD5...

7.5CVSS3.2AI score0.05562EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2009/09/03 12:0 a.m.•40 views

Apache Httpd < 2.0.64 : mod_proxy_ftp FTP command injection

A flaw was found in the modproxyftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server...

5CVSS4.9AI score0.1256EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2003/10/15 12:0 a.m.•40 views

Apache Httpd < 1.3.31 : Allow/Deny parsing on big-endian 64-bit platforms

A bug in the parsing of Allow/Deny rules using IP addresses without a netmask on big-endian 64-bit platforms causes the rules to fail to match...

7.5CVSS0.6AI score0.09744EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2003/02/24 12:0 a.m.•40 views

Apache Httpd < 2.0.49 : Error log escape filtering

Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

5CVSS1.4AI score0.10872EPSS
Exploits7Affected Software1
Apache Httpd
Apache Httpd
•added 2009/12/09 12:0 a.m.•39 views

Apache Httpd < 2.0.64 : Subrequest handling of request headers (mod_headers)

A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headersin array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as modheaders which may manipulate the inp...

4.3CVSS1.1AI score0.18443EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2004/07/07 12:0 a.m.•39 views

Apache Httpd < 2.0.51 : Malicious SSL proxy can cause crash

An issue was discovered in the modssl module in Apache 2.0.44-2.0.50 which could be triggered if the server is configured to allow proxying to a remote SSL server. A malicious remote SSL server could force an httpd child process to crash by sending a carefully crafted response header. This issue ...

5CVSS1.3AI score0.69653EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2004/07/01 12:0 a.m.•39 views

Apache Httpd < 2.0.50 : FakeBasicAuth overflow

A buffer overflow in the modssl FakeBasicAuth code could be exploited by an attacker using a trusted client certificate with a subject DN field which exceeds 6K in length...

7.5CVSS2AI score0.37681EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2004/02/20 12:0 a.m.•39 views

Apache Httpd < 2.0.49 : mod_ssl memory leak

A memory leak in modssl allows a remote denial of service attack against an SSL-enabled server by sending plain HTTP requests to the SSL port...

5CVSS2.4AI score0.09898EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2002/09/23 12:0 a.m.•39 views

Apache Httpd < 1.3.27 : Buffer overflows in ab utility

Buffer overflows in the benchmarking utility ab could be exploited if ab is run against a malicious server...

7.5CVSS1.6AI score0.21421EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2001/11/11 12:0 a.m.•39 views

Apache Httpd < 1.3.27 : Shared memory permissions lead to local privilege escalation

The permissions of the shared memory used for the scoreboard allows an attacker who can execute under the Apache UID to send a signal to any process as root or cause a local denial of service attack...

7.2CVSS3.4AI score0.00944EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2006/12/10 12:0 a.m.•38 views

Apache Httpd < 2.0.61 : mod_proxy crash

A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...

5CVSS1.5AI score0.12901EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2000/10/13 12:0 a.m.•38 views

Apache Httpd < 1.3.14 : Requests can cause directory listing to be displayed on NT

A security hole on Apache for Windows allows a user to view the listing of a directory instead of the default HTML page by sending a carefully constructed request...

5CVSS0.7AI score0.46653EPSS
Exploits1Affected Software1
Total number of security vulnerabilities271