Lucene search

K
ApacheHttp Server2.2.18

13 matches found

CVE
CVE
added 2017/06/20 1:29 a.m.5795 views

CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

9.8CVSS9.4AI score0.41379EPSS
CVE
CVE
added 2018/08/14 1:0 p.m.3004 views

CVE-2016-4975

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2...

6.1CVSS6.9AI score0.77046EPSS
CVE
CVE
added 2013/02/26 4:55 p.m.1244 views

CVE-2012-3499

Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp,...

4.3CVSS6AI score0.21794EPSS
CVE
CVE
added 2012/08/22 7:55 p.m.1221 views

CVE-2012-2687

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted f...

2.6CVSS5.5AI score0.05337EPSS
CVE
CVE
added 2013/02/26 4:55 p.m.1106 views

CVE-2012-4558

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HT...

4.3CVSS6AI score0.65303EPSS
CVE
CVE
added 2011/11/08 11:55 a.m.1045 views

CVE-2011-4415

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL...

1.2CVSS6AI score0.00677EPSS
CVE
CVE
added 2011/10/05 10:55 p.m.1019 views

CVE-2011-3368

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to i...

5CVSS9.2AI score0.79132EPSS
CVE
CVE
added 2014/04/15 10:55 a.m.828 views

CVE-2013-5704

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

5CVSS5.7AI score0.8475EPSS
CVE
CVE
added 2011/11/30 4:5 a.m.796 views

CVE-2011-4317

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

4.3CVSS9.4AI score0.8939EPSS
CVE
CVE
added 2011/11/08 11:55 a.m.753 views

CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted ...

4.4CVSS7.7AI score0.00459EPSS
CVE
CVE
added 2012/11/30 7:55 p.m.528 views

CVE-2012-4557

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.

5CVSS6.2AI score0.29065EPSS
CVE
CVE
added 2012/01/28 4:5 a.m.257 views

CVE-2012-0021

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks bot...

2.6CVSS8.8AI score0.3296EPSS
CVE
CVE
added 2011/05/24 11:55 p.m.101 views

CVE-2011-1928

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by ...

4.3CVSS6.7AI score0.50389EPSS