Http Server@2.4.25 Security Vulnerabilities and Issues — Http Server@2.4.25 CVE List

Lucene search

ApacheHttp Server2.4.25

4 matches found

CVE•added 2017/06/20 1:29 a.m.•6001 views

CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or t...

7.5CVSS8.4AI score0.61275EPSS

CVE•added 2017/06/20 1:29 a.m.•5800 views

CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

9.8CVSS9.4AI score0.39116EPSS

CVE•added 2017/09/18 3:29 p.m.•3287 views

CVE-2017-9798

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker send...

7.5CVSS7.7AI score0.93868EPSS

CVE•added 2017/07/26 9:29 p.m.•592 views

CVE-2017-7659

A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.

7.5CVSS8.2AI score0.51355EPSS