Lucene search
K
ApacheHttp Server2.4.55

4 matches found

CVE
CVE
•added 2023/03/07 3:9 p.m.•9207 views

CVE-2023-25690

CVE-2023-25690 concerns Apache HTTP Server 2.4.0–2.4.55 with mod_proxy enabled when combined with certain RewriteRule or ProxyPassMatch patterns that re-insert user-supplied URL data into the proxied request-target via variable substitution. The underlying flaw enables HTTP request smuggling thro...

9.8CVSS9.8AI score0.8377EPSS
In wildWeb
CVE
CVE
•added 2024/07/01 6:10 p.m.•3218 views

CVE-2024-36387

CVE-2024-36387 affects the Apache httpd mod_http2 component: when serving WebSocket protocol upgrades over HTTP/2, it can trigger a NULL pointer dereference and crash the server, degrading performance (DoS). Connected advisories indicate patches across distributions (e.g., Debian security update ...

5.4CVSS6.4AI score0.01715EPSS
CVE
CVE
•added 2023/10/23 6:50 a.m.•677 views

CVE-2023-43622

CVE-2023-43622 affects Apache HTTP Server via the mod_http2 implementation. An attacker opening an HTTP/2 connection with an initial window size of 0 could block handling of that connection indefinitely, potentially exhausting server worker resources in a pattern similar to the slow loris attack....

7.5CVSS7.5AI score0.70595EPSS
CVE
CVE
•added 2026/06/08 3:24 p.m.•76 views

CVE-2026-48913

This CVE (CVE-2026-48913) concerns Apache HTTP Server’s mod_http2 component. The reported issue is a Use After Free vulnerability when file handles are exhausted, affecting Apache HTTP Server versions 2.4.55–2.4.67. The description and connected sources consistently cite memory- or resource-relat...

7.3CVSS5.5AI score0.00461EPSS