Http Server@2.2.1 Security Vulnerabilities and Issues — Http Server@2.2.1 CVE List

Lucene search

ApacheHttp Server2.2.1

15 matches found

CVE•added 2010/03/05 7:30 p.m.•5821 views

CVE-2010-0425

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers...

10CVSS9.4AI score0.876EPSS

CVE•added 2011/12/27 6:55 p.m.•2367 views

CVE-2007-6750

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

5CVSS7AI score0.87519EPSS

CVE•added 2013/02/26 4:55 p.m.•1244 views

CVE-2012-3499

Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp,...

4.3CVSS6AI score0.21794EPSS

CVE•added 2012/08/22 7:55 p.m.•1222 views

CVE-2012-2687

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted f...

2.6CVSS5.5AI score0.05337EPSS

CVE•added 2013/02/26 4:55 p.m.•1106 views

CVE-2012-4558

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HT...

4.3CVSS6AI score0.65303EPSS

CVE•added 2011/11/08 11:55 a.m.•1045 views

CVE-2011-4415

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL...

1.2CVSS6AI score0.00677EPSS

CVE•added 2011/10/05 10:55 p.m.•1019 views

CVE-2011-3368

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to i...

5CVSS9.2AI score0.79132EPSS

CVE•added 2011/11/30 4:5 a.m.•796 views

CVE-2011-4317

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

4.3CVSS9.4AI score0.8939EPSS

CVE•added 2011/11/08 11:55 a.m.•753 views

CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted ...

4.4CVSS7.7AI score0.00459EPSS

CVE•added 2011/11/30 4:5 a.m.•741 views

CVE-2011-3639

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers...

4.3CVSS9.4AI score0.79132EPSS

CVE•added 2009/05/28 8:30 p.m.•344 views

CVE-2009-1195

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then...

4.9CVSS7.3AI score0.00216EPSS

CVE•added 2008/01/08 6:46 p.m.•186 views

CVE-2007-6422

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

4CVSS5.8AI score0.05534EPSS

CVE•added 2006/10/16 7:7 p.m.•178 views

CVE-2006-4154

Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.

6.8CVSS7.3AI score0.32788EPSS

CVE•added 2008/01/08 7:46 p.m.•175 views

CVE-2007-6421

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

3.5CVSS7.8AI score0.03015EPSS

CVE•added 2008/05/13 9:20 p.m.•153 views

CVE-2008-2168

Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

4.3CVSS5.4AI score0.54708EPSS