Http Server@2.2.0 Security Vulnerabilities and Issues — Http Server@2.2.0 CVE List

Lucene search

ApacheHttp Server2.2.0

4 matches found

CVE•added 2017/06/20 1:29 a.m.•22532 views

CVE-2017-7679

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

9.8CVSS9.5AI score0.57468EPSS

CVE•added 2017/06/20 1:29 a.m.•7444 views

CVE-2017-3167

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

9.8CVSS9.6AI score0.0846EPSS

CVE•added 2017/06/20 1:29 a.m.•5811 views

CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

9.8CVSS9.4AI score0.37704EPSS

CVE•added 2017/07/27 9:29 p.m.•2214 views

CVE-2016-8743

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end ...

7.5CVSS7.7AI score0.05527EPSS