Lucene search
K
ApacheHttp Server

46 matches found

CVE
CVE
added 2018/03/09 8:0 p.m.3153 views

CVE-2016-8612

CVE-2016-8612 affects Apache HTTP Server mod_cluster prior to httpd 2.4.23, with a flaw in the protocol parsing logic of the load balancer that can cause a Segmentation Fault in the httpd process due to improper input validation. Exploitation details are not provided in the connected documents; r...

4.3CVSS5.2AI score0.04692EPSS
CVE
CVE
added 2019/06/11 9:35 p.m.2161 views

CVE-2019-0197

The CVE-2019-0197 entry concerns Apache HTTP Server 2.4.34–2.4.38. When HTTP/2 is enabled for an http: host or H2Upgrade is enabled for h2 on an https: host, an Upgrade request from http/1.1 to http/2 that is not the first request on a connection could cause misconfiguration and crash. Servers th...

4.9CVSS5.5AI score0.08441EPSS
CVE
CVE
added 2014/12/29 11:0 p.m.2079 views

CVE-2014-8109

CVE-2014-8109 affects the Apache HTTP Server 2.3.x and 2.4.x up to 2.4.10, where mod_lua.c does not properly handle an httpd configuration using the same Lua authorization provider with different arguments across contexts. This can allow remote attackers to bypass access restrictions via multiple...

4.3CVSS6.7AI score0.22016EPSS
CVE
CVE
added 2015/07/20 11:0 p.m.1589 views

CVE-2015-3185

CVE-2015-3185 affects Apache HTTP Server (httpd) 2.4.x up to before 2.4.14. The ap_some_auth_required() function in server/request.c could incorrectly treat a request as authenticated, allowing modules using this API to bypass intended access controls. The issue’s fix/backport is described as imp...

4.3CVSS6.6AI score0.18795EPSS
CVE
CVE
added 2014/07/20 10:0 a.m.1424 views

CVE-2014-0118

CVE-2014-0118 affects the Apache HTTP Server mod_deflate: the deflate_in_filter in mod_deflate.c allows remote denial-of-service when request body decompression is enabled, by processing crafted data that expands to a large size. Affected versions are Apache httpd prior to 2.4.10. Impact is resou...

4.3CVSS6.3AI score0.37156EPSS
CVE
CVE
added 2013/02/26 4:0 p.m.1353 views

CVE-2012-3499

CVE-2012-3499 affects Apache HTTP Server 2.2.x (pre-2.2.24-dev) and 2.4.x (pre-2.4.4). The issue comprises multiple XSS flaws in modules including mod_imagemap, mod_info, mod_ldap, mod_proxy_ftp, and mod_status. An attacker can inject arbitrary web script/HTML via crafted Host header or URI-relat...

4.3CVSS6AI score0.22913EPSS
CVE
CVE
added 2007/10/20 10:0 a.m.1266 views

CVE-2003-1418

CVE-2003-1418 affects Apache HTTP Server 1.3.22–1.3.27 on OpenBSD. The root cause is information disclosure via (1) ETag headers that reveal inode numbers and (2) multipart MIME boundaries that reveal child process IDs (PIDs). Practical impact is partial information disclosure that can aid reconn...

4.3CVSS7.4AI score0.06581EPSS
CVE
CVE
added 2013/07/10 8:0 p.m.1257 views

CVE-2013-1896

The CVE-2013-1896 issue affects the Apache HTTP Server: mod_dav.c fails to correctly determine if DAV is enabled for a URI, allowing a remote attacker to trigger a segfault via a MERGE request when the URI is handled by mod_dav_svn and the href in the XML data points to a non-DAV URI. This can le...

4.3CVSS6.2AI score0.29484EPSS
CVE
CVE
added 2012/01/28 2:0 a.m.1208 views

CVE-2012-0053

CVE-2012-0053 affects Apache HTTP Server 2.2.x up to 2.2.21. The flaw in protocol.c during 400 error page construction can reveal HTTPOnly cookie values via long/malformed headers with crafted scripts. Remediation per advisories: upgrade to 2.2.22 or later (e.g., httpd 2.2.22).

4.3CVSS6.2AI score0.82756EPSS
CVE
CVE
added 2014/07/20 10:0 a.m.1179 views

CVE-2014-0117

The vulnerability CVE-2014-0117 affects the Apache HTTP Server, specifically the mod_proxy behavior in the 2.4.x line prior to 2.4.10. When a reverse proxy is enabled, a remote attacker can craft an HTTP Connection header to trigger a denial of service (child process crash). This is documented ac...

4.3CVSS8.6AI score0.35543EPSS
Web
CVE
CVE
added 2013/02/26 4:0 p.m.1151 views

CVE-2012-4558

CVE-2012-4558 is an XSS vulnerability in Apache HTTP Server's balancer_handler (mod_proxy_balancer). Remote attackers can inject arbitrary web script/HTML via a crafted string in the manager interface for Apache 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4. Impact is arbitrary script execution ...

4.3CVSS6AI score0.22913EPSS
CVE
CVE
added 2011/11/30 2:0 a.m.880 views

CVE-2011-4317

The CVE-2011-4317 issue concerns Apache HTTP Server in reverse proxy configurations (ProxyPassMatch/RewriteRule with [P]). It enables remote access to intranet servers via a malformed URI containing @ and : when the Revision 1179239 patch is applied, reflecting an incomplete fix for CVE-2011-3368...

4.3CVSS9.4AI score0.60783EPSS
CVE
CVE
added 2012/01/18 8:0 p.m.832 views

CVE-2012-0031

CVE-2012-0031 affects Apache HTTP Server 2.2.21 and earlier, specifically scoreboard.c. The vulnerability allows local users to cause a denial of service (daemon crash during shutdown) or potentially other unspecified impact by modifying a type field in a shared scoreboard Memory segment, which l...

4.6CVSS7AI score0.02905EPSS
CVE
CVE
added 2011/11/08 11:0 a.m.801 views

CVE-2011-3607

The CVE-2011-3607 issue affects the Apache HTTP Server 2.0.x (up to 2.0.64) and 2.2.x (up to 2.2.21) when mod_setenvif is enabled. An integer overflow in ap_pregsub() in server/util.c can cause a heap-based buffer overflow, enabling local privilege escalation via a crafted .htaccess SetEnvIf dire...

4.4CVSS7.7AI score0.04716EPSS
CVE
CVE
added 2011/11/30 2:0 a.m.795 views

CVE-2011-3639

CVE-2011-3639 affects the Apache HTTP Server mod_proxy when using reverse proxy configurations (RewriteRule/ProxyPassMatch). The initial fix for CVE-2011-3368 did not fully address the issue, allowing a remote attacker to connect to an intranet/hidden server by sending HTTP/0.9 with a malformed U...

4.3CVSS9.4AI score0.52531EPSS
CVE
CVE
added 2014/07/20 10:0 a.m.781 views

CVE-2013-4352

CVE-2013-4352 affects Apache HTTP Server (httpd) 2.4.x, specifically the mod_cache cache_storage.c: the cache_invalidate path in forward proxy caching can trigger a NULL pointer dereference, crashing the httpd and causing a Denial of Service. Public disclosures tie this to Apache httpd 2.4.6; mul...

4.3CVSS8.7AI score0.11534EPSS
CVE
CVE
added 2011/05/16 5:0 p.m.759 views

CVE-2011-0419

CVE-2011-0419 is a stack consumption/DoS vulnerability in the APR library’s fnmatch implementation (apr_fnmatch.c) and, for some platforms, in libc’s fnmatch.c. It affects APR < 1.4.3 and Apache HTTP Server

4.3CVSS7.7AI score0.30406EPSS
CVE
CVE
added 2011/09/19 3:0 p.m.728 views

CVE-2011-3348

The CVE-2011-3348 issue affects the Apache HTTP Server’s mod_proxy_ajp in combination with mod_proxy_balancer, where certain configurations allow remote attackers to trigger a denial of service by sending a malformed HTTP request. The vulnerability is described as causing a temporary error state ...

4.3CVSS6.1AI score0.2238EPSS
CVE
CVE
added 2008/01/25 12:0 a.m.484 views

CVE-2008-0455

CVE-2008-0455 is an XSS vulnerability in the mod_negotiation module of Apache HTTP Server. A remote authenticated attacker can upload a file whose name contains XSS sequences and a file extension, causing arbitrary script/HTML to be injected into HTTP responses (notably for 406 Not Acceptable or ...

4.3CVSS5AI score0.6477EPSS
CVE
CVE
added 2010/03/05 7:0 p.m.455 views

CVE-2010-0434

CVE-2010-0434 affects the Apache HTTP Server 2.2.x series (pre-2.2.15) where the ap_read_request handling in server/protocol.c for multithreaded MPMs could disclose memory contents by accessing headers of subrequests tied to an earlier request. Public sources in connected docs (e.g., Debian secur...

4.3CVSS8.8AI score0.18443EPSS
CVE
CVE
added 2008/08/06 6:0 p.m.387 views

CVE-2008-2939

CVE-2008-2939 is an XSS vulnerability in the Apache HTTP Server when using the mod_proxy_ftp module. The flaw arises from insufficient sanitization of user-supplied data in FTP URIs, specifically involving a wildcard in the last directory component of the pathname. A remote attacker could inject ...

4.3CVSS6.7AI score0.38953EPSS
CVE
CVE
added 2009/05/28 8:14 p.m.387 views

CVE-2009-1195

CVE-2009-1195 affects the Apache HTTP Server 2.2.x line (2.2.11 and earlier). The issue arises from improper handling of the Options=IncludesNOEXEC in the AllowOverride directive, enabling local users to configure .htaccess files to enable script execution via (1) Options Includes, (2) Options +I...

4.9CVSS7.3AI score0.01955EPSS
CVE
CVE
added 2007/12/13 6:0 p.m.364 views

CVE-2007-5000

CVE-2007-5000 affects Apache HTTP Server mod_imap and mod_imagemap (v1.3.0–1.3.39 and v2.0.35–2.0.61). The flaw is due to insufficient input validation, allowing remote script/HTML injection via unspecified vectors. Public advisories note fixes in later Apache releases (and related packages); mit...

4.3CVSS8AI score0.46603EPSS
CVE
CVE
added 2007/12/03 10:0 p.m.298 views

CVE-2007-6203

Apache HTTP Server 2.0.x and 2.2.x are affected by CVE-2007-6203, where the HTTP Method header is not sanitized when reflected in a 413 Response, enabling cross-site scripting-like attacks via headers sent by the client. The root cause is lack of sanitization of the Method specifier header in suc...

4.3CVSS7.6AI score0.80749EPSS
CVE
CVE
added 2006/07/28 12:0 a.m.264 views

CVE-2006-3918

CVE-2006-3918 is an Apache HTTP Server/IBM HTTP Server issue where the HTTP Expect header is not sanitized when echoed back in error messages, enabling potential cross-site scripting via headers (as demonstrated with Flash/other clients). Affected products and versions include Apache HTTP Server ...

4.3CVSS7AI score0.94926EPSS
CVE
CVE
added 2008/01/08 6:0 p.m.255 views

CVE-2007-6388

CVE-2007-6388 is an XSS vulnerability in Apache HTTP Server mod_status when the server-status page is enabled. The initial description covers affected versions: Apache HTTP Server 2.2.0–2.2.6, 2.0.35–2.0.61, and 1.3.2–1.3.39, with arbitrary web script/HTML injection possible via unspecified vecto...

4.3CVSS8AI score0.75891EPSS
CVE
CVE
added 2007/06/27 5:0 p.m.239 views

CVE-2006-5752

CVE-2006-5752 is a cross-site scripting (XSS) vulnerability in the Apache HTTP Server mod_status component when ExtendedStatus is enabled and a public server-status page is used. The issue arises via browsers performing charset detection when the content-type is not specified, allowing remote att...

4.3CVSS5.7AI score0.27783EPSS
CVE
CVE
added 2008/01/12 12:0 a.m.227 views

CVE-2007-6420

The CVE-2007-6420 issue is a CSRF vulnerability in the balancer-manager interface of Apache HTTP Server 2.2.x (mod_proxy_balancer). The vulnerability could allow remote attackers to gain privileges via unspecified vectors affecting the balancer-management UI. Connected advisories indicate multipl...

4.3CVSS6.7AI score0.09114EPSS
CVE
CVE
added 2008/01/08 6:0 p.m.218 views

CVE-2007-6422

CVE-2007-6422 affects Apache HTTP Server 2.2.0–2.2.6 when using a threaded MPM. The vulnerability in the mod_proxy_balancer module allows remote authenticated users to cause a denial of service by triggering a crash of the Apache child process via an invalid bb variable. This is documented in mul...

4CVSS5.8AI score0.09951EPSS
CVE
CVE
added 2026/05/04 2:42 p.m.200 views

CVE-2026-33006

The CVE-2026-33006 issue affects Apache HTTP Server 2.4.66 and its mod_auth_digest component. A timing-based flaw allows a remote attacker to bypass Digest authentication. The known remediation is upgrading to Apache HTTP Server 2.4.67, which fixes the vulnerability. The NVD entry documents a MED...

4.8CVSS5.8AI score0.00557EPSS
CVE
CVE
added 2012/08/22 7:0 p.m.198 views

CVE-2012-3502

Apache HTTP Server 2.4.x before 2.4.3 is affected by CVE-2012-3502. The vulnerability lies in the proxy components (mod_proxy_ajp.c and mod_proxy_http.c) where the server does not correctly determine when to close a back-end connection, allowing an attacker to read a response intended for a diffe...

4.3CVSS6AI score0.09555EPSS
CVE
CVE
added 2005/12/13 8:0 p.m.184 views

CVE-2005-3352

The CVE-2005-3352 entry documents a cross-site scripting (XSS) vulnerability in the Apache httpd mod_imap (and mod_imagemap) module. The issue arises from improper handling of the Referer header when using image maps, allowing an attacker to inject arbitrary script or HTML. Affected software is A...

4.3CVSS7.9AI score0.73692EPSS
CVE
CVE
added 2007/06/20 10:0 p.m.180 views

CVE-2007-3304

CVE-2007-3304 affects Apache HTTP Server (httpd) with the Prefork MPM. The issue arises when a local attacker can modify the scoreboard arrays (worker_score and process_score) to reference another process, enabling the master process to send SIGUSR1 and terminate that process, potentially causing...

4.7CVSS6.2AI score0.03298EPSS
CVE
CVE
added 2008/05/13 9:0 p.m.175 views

CVE-2008-2168

CVE-2008-2168 : The linked SUSE/NVD entries describe a cross-site scripting (XSS) vulnerability in Apache HTTP Server up to version 2.2.6 and earlier, exploitable via UTF-7 encoded URLs that are mishandled when rendering the 403 Forbidden error page. Attacker-provided URL input can inject arbitra...

4.3CVSS5.4AI score0.54851EPSS
CVE
CVE
added 2007/04/13 5:0 p.m.167 views

CVE-2007-1743

CVE-2007-1743 affects Apache HTTP Server (httpd) with the suexec module. The issue is that suexec (in httpd 2.2.3) does not verify combinations of user and group IDs on the command line, which might allow a local user to leverage other vulnerabilities to create arbitrary UID/GID–owned files if /p...

4.4CVSS6.5AI score0.00703EPSS
CVE
CVE
added 2006/08/14 8:0 p.m.161 views

CVE-2006-4110

CVE-2006-4110 affects Apache 2.2.2 running on Windows. An information-disclosure vulnerability arises when the CGI directory is within the document root: requests that alter the case of the directory name bypass the ScriptAlias handler on a case-insensitive filesystem, allowing attackers to read ...

4.3CVSS6.8AI score0.3938EPSS
CVE
CVE
added 2008/01/12 12:0 a.m.152 views

CVE-2008-0005

CVE-2008-0005 affects Apache httpd mod_proxy_ftp: versions prior to 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev do not define a charset, enabling remote XSS via UTF-7 encoding. Remediation per connected advisories: upgrade to patched Apache httpd versions that backport fixes f...

4.3CVSS8.6AI score0.14611EPSS
CVE
CVE
added 2009/06/06 6:0 p.m.148 views

CVE-2009-0023

CVE-2009-0023 affects Apache APR-util prior to 1.3.5. The vulnerability in apr_strmatch_precompile (strmatch/apr_strmatch.c) can be exploited by crafted input via that library’s usage contexts (e.g., .htaccess with Apache HTTP Server, SVNMasterURI in mod_dav_svn, mod_apreq2, or applications using...

4.3CVSS7.5AI score0.0853EPSS
CVE
CVE
added 2005/06/30 4:0 a.m.131 views

CVE-2005-2088

The CVE-2005-2088 vulnerability affects the Apache HTTP Server when acting as an HTTP proxy. Specifically, versions before 1.3.34 and 2.0.x before 2.0.55 are susceptible. The issue arises from handling a request containing both Transfer-Encoding: chunked and Content-Length, causing the body to be...

4.3CVSS5.8AI score0.20461EPSS
CVE
CVE
added 2011/05/24 11:0 p.m.120 views

CVE-2011-1928

The CVE-2011-1928 issue affects the APR library’s fnmatch implementation (apr_fnmatch.c) in APR 1.4.3/1.4.4 and Apache HTTP Server 2.2.18, causing an infinite-loop DoS when processing certain URIs due to an incorrect fix for CVE-2011-0419. Connected advisories note the problem is triggered by wil...

4.3CVSS6.7AI score0.10322EPSS
CVE
CVE
added 2007/12/21 10:0 p.m.96 views

CVE-2007-6514

CVE-2007-6514 affects Apache HTTP Server when run on Linux with a document root on a Windows SMB share mounted via smbfs. The vulnerability arises from a trailing backslash () not being handled by the AddType directive, allowing remote attackers to disclose unprocessed contents of PHP files (e.g....

4.3CVSS6.6AI score0.38042EPSS
CVE
CVE
added 2006/10/23 5:0 p.m.91 views

CVE-2003-1307

Summary: CVE-2003-1307 affects the mod_php module of the Apache HTTP Server. Vulnerability: Local users with write access to PHP scripts can signal the server’s process group and manipulate server file descriptors, demonstrated by sending a STOP signal and intercepting connections on the server’s...

4.3CVSS6.4AI score0.01603EPSS
CVE
CVE
added 2005/04/27 4:0 a.m.81 views

CVE-2002-1658

CVE-2002-1658 describes a buffer overflow in htdigest used by Apache 1.3.26/1.3.27 that may allow arbitrary code execution via a long user argument. The vulnerability is tied to htdigest functionality, with local access as the attack vector and no setuid/setgid context; escalation of privileges i...

4.6CVSS8.3AI score0.01054EPSS
CVE
CVE
added 2002/08/31 4:0 a.m.80 views

CVE-2000-1205

CVE-2000-1205 covers cross-site scripting in Apache 1.3.0–1.3.11. The vulnerability allows remote attackers to execute script as other visitors via (1) printenv CGI (printenv.pl) output, (2) error pages generated by ap_send_error_response (e.g., default 404) that omit an explicit charset, or (3) ...

4.3CVSS6.6AI score0.23456EPSS
Web
CVE
CVE
added 2007/06/20 10:0 p.m.77 views

CVE-2007-3303

CVE-2007-3303 affects Apache httpd 2.0.59 and 2.2.4 with the Prefork MPM. The described issue arises from certain code sequences executed in a worker process, which can either stop request processing by killing all workers and preventing replacements, or cause the master process to fork an arbitr...

4.9CVSS6.3AI score0.0089EPSS
CVE
CVE
added 2010/02/05 10:13 p.m.70 views

CVE-2003-1580

The CVE-2003-1580 issue affects Apache HTTP Server 2.0.44 when DNS resolution is enabled for client IPs. The vulnerability arises from a logging format that does not indicate whether a dotted-quad IP address is unresolved, which can allow remote attackers to spoof IP addresses by sending crafted ...

4.3CVSS6.8AI score0.03709EPSS