Lucene search
K
ApacheHttp Server

22 matches found

CVE
CVE
added 2020/04/01 11:8 p.m.5897 views

CVE-2020-1927

CVE-2020-1927 affects Apache HTTP Server 2.4.0–2.4.41, where mod_rewrite redirects intended to be self-referential could be fooled by encoded newlines and redirect to an unexpected URL within the request. Multiple connected advisories confirm the issue and indicate that fixes were released in Apa...

6.1CVSS6.7AI score0.56691EPSS
CVE
CVE
added 2024/07/04 8:36 a.m.4132 views

CVE-2024-39884

CVE-2024-39884 affects Apache HTTP Server (notably 2.4.60 and older) where legacy content-type based configuration (e.g., AddType) could cause source code disclosure for indirectly requested files, potentially exposing local content (e.g., PHP scripts being served). Affected vendors consistently ...

6.2CVSS7.4AI score0.00889EPSS
CVE
CVE
added 2024/04/04 7:20 p.m.3873 views

CVE-2024-24795

CVE-2024-24795 (httpd) describes HTTP response splitting in multiple Apache HTTP Server modules when malicious response headers can be injected into backend applications, enabling HTTP desynchronization. The vulnerability is mitigated by upgrading to Apache HTTP Server 2.4.59, as indicated across...

6.3CVSS7AI score0.02874EPSS
CVE
CVE
added 2019/09/25 4:39 p.m.3676 views

CVE-2019-10098

Apache httpd (2.4.0–2.4.39) is affected by CVE-2019-10098 via mod_rewrite: self-referential redirects can be fooled by encoded newlines, causing redirects to an unexpected URL. Connected advisories confirm affected versions and that exploitation could enable phishing via redirects. Mitigation is ...

6.1CVSS7.7AI score0.73981EPSS
CVE
CVE
added 2019/09/26 2:7 p.m.3426 views

CVE-2019-10092

The CVE-2019-10092 entry concerns Apache HTTP Server 2.4.0–2.4.39 with a limited cross-site scripting in the mod_proxy error page. The vulnerability lets an attacker craft a link on the error page that could mislead users by pointing to a page of the attacker’s choosing, but exploitation requires...

6.1CVSS7.3AI score0.81466EPSS
CVE
CVE
added 2018/08/14 1:0 p.m.3114 views

CVE-2016-4975

CVE-2016-4975: Apache HTTP Server is vulnerable to CRLF injection in mod_userdir causing HTTP response splitting. Affected: 2.4.1–2.4.23. Mitigation/fix: upgrade to Apache HTTP Server 2.4.25 (and 2.2.32 for the 2.2 line). The issue is resolved by changes that prohibit CR or LF injection into head...

6.1CVSS6.9AI score0.19798EPSS
CVE
CVE
added 2014/07/20 10:0 a.m.2127 views

CVE-2014-0226

Apache HTTP Server CVE-2014-0226 is a race-condition vulnerability in the mod_status component that can cause a heap-based buffer overflow, denial of service, and potentially credential disclosure or code execution. Affects httpd before 2.4.10; the issue arises from improper scoreboard handling i...

6.8CVSS7AI score0.85744EPSS
In wildWeb
CVE
CVE
added 2012/04/18 10:0 a.m.1309 views

CVE-2012-0883

CVE-2012-0883 affects the Apache HTTP Server up to version 2.4.2, where the envvars (envvars-std) feature places a zero-length directory name in LD_LIBRARY_PATH. This enables local users to gain privileges by exploiting a Trojan horse DSO in the current working directory during execution of apach...

6.9CVSS6.1AI score0.00946EPSS
CVE
CVE
added 2018/07/26 5:0 p.m.727 views

CVE-2017-12171

CVE-2017-12171 is a vulnerability reported for Red Hat Enterprise Linux 6.9 with httpd 2.2.15-60. The regression causes comments in the Allow and Deny directives to be parsed incorrectly, potentially allowing a remote attacker to bypass access controls and gain access to a restricted HTTP resourc...

6.5CVSS6.6AI score0.08078EPSS
CVE
CVE
added 2025/12/05 10:46 a.m.441 views

CVE-2025-65082

CVE-2025-65082 affects Apache HTTP Server 2.4.0–2.4.65, due to improper neutralization of Escape, Meta, or Control sequences in environment variables set via Apache config, which can supersede server-calculated CGI variables. The issue, identified across multiple advisories (Debian DLA-4452-1, AL...

6.5CVSS6.5AI score0.00771EPSS
CVE
CVE
added 2007/04/13 4:0 p.m.272 views

CVE-2007-1741

CVE-2007-1741 affects Apache HTTP Server (httpd) and its suexec module (v2.2.3). The issue comprises multiple race conditions between directory/file validation and their usage in suexec, enabling local users to gain privileges and execute arbitrary code by renaming directories or performing symli...

6.2CVSS7.2AI score0.00516EPSS
CVE
CVE
added 2025/07/23 1:19 p.m.251 views

CVE-2025-54090

Summary of CVE-2025-54090 : The issue affects Apache HTTP Server, specifically version 2.4.64, where all "RewriteCond expr ..." tests evaluate as true due to a bug in the expression evaluation. The remedy is to upgrade to version 2.4.65, which includes the fix. The provided connected documents co...

6.3CVSS6.2AI score0.00691EPSS
CVE
CVE
added 2007/09/14 12:0 a.m.215 views

CVE-2007-4465

The CVE-2007-4465 entry covers an XSS in Apache httpd’s mod_autoindex.c (pre-2.2.6) where an undefined page charset allows injection via the P parameter using UTF-7. Impact is cross-site scripting; remediation is to upgrade Apache httpd to 2.2.6 or newer (as per the cited advisory). The descripti...

6.1CVSS5.4AI score0.26188EPSS
CVE
CVE
added 2006/10/16 7:0 p.m.196 views

CVE-2006-4154

CVE-2006-4154 describes a format-string vulnerability in the Apache mod_tcl module (version 1.0 for Apache 2.x). The root cause is format string handling in calls to set_var (in tcl_cmds.c and tcl_core.c), allowing a remote attacker to execute arbitrary code with the httpd process privileges. Aff...

6.8CVSS7.3AI score0.15858EPSS
CVE
CVE
added 2009/06/06 6:0 p.m.161 views

CVE-2009-1956

CVE-2009-1956: Off-by-one error in apr_brigade_vprintf in Apache APR-util before 1.3.5 on big-endian platforms. Remote attackers could obtain sensitive information or cause a denial of service (application crash) via crafted input. Affected product: APR-util (pre-1.3.5) used with APR/httpd; impac...

6.4CVSS7.4AI score0.12042EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.151 views

CVE-2002-0840

CVE-2002-0840 is a cross-site scripting (XSS) vulnerability in the default error page of Apache. It affects Apache 2.0 before 2.0.43 and 1.3.x up to 1.3.26, when UseCanonicalName is set to off and wildcard DNS is supported. An attacker can inject script via the Host header to execute in other vis...

6.8CVSS8.4AI score0.94006EPSS
CVE
CVE
added 2010/02/02 4:25 p.m.144 views

CVE-2010-0010

The CVE-2010-0010 issue affects Apache HTTP Server’s mod_proxy (proxy_util.c) on 64-bit platforms. The root cause is an integer overflow in the ap_proxy_send_fb function when handling large chunk sizes, which can trigger a heap-based buffer overflow. This condition enables a remote origin server ...

6.8CVSS8.2AI score0.43421EPSS
Web
CVE
CVE
added 2003/07/10 4:0 a.m.109 views

CVE-2003-0192

CVE-2003-0192 describes an issue in Apache 2.x before 2.0.47 (and mod_ssl for Apache 1.3) where certain sequences of per-directory renegotiations combined with using SSLCipherSuite to upgrade a weak cipher could cause the server to continue using a weak cipher. The connected advisories confirm af...

6.4CVSS9.3AI score0.05993EPSS
CVE
CVE
added 2004/06/30 4:0 a.m.105 views

CVE-2004-0493

The CVE-2004-0493 entry relates to Apache httpd 2.0.x prior to 2.0.50, where long MIME header lines with excessive spaces/tabs can cause memory exhaustion and, on 64-bit systems, a potential heap-based buffer overflow. Connected advisories confirm DoS concerns across Apache 2.0.x and related modu...

6.4CVSS6.8AI score0.84784EPSS
CVE
CVE
added 2026/06/08 3:10 p.m.96 views

CVE-2026-29170

CVE-2026-29170 describes a cross-site scripting (XSS) vulnerability in Apache HTTP Server 2.4.67 and earlier, affecting mod_proxy_ftp during HTML directory list generation when listing FTP directory contents via forward or reverse proxy configurations. The vulnerability arises in the HTML directo...

6.1CVSS5.2AI score0.00504EPSS
CVE
CVE
added 2026/06/08 3:16 p.m.73 views

CVE-2026-43951

CVE-2026-43951 : Out-of-bounds read in Apache HTTP Server affecting mod_headers and mod_mime across multiple response languages. Affected versions: 2.4.0–2.4.67. The vulnerability is described in enrichment as an out-of-bounds read in the merge_response_headers path, which can lead to a crash. No...

6.5CVSS5.5AI score0.00525EPSS
CVE
CVE
added 2026/05/04 2:40 p.m.55 views

CVE-2026-33523

CVE-2026-33523 describes an HTTP response splitting vulnerability in multiple Apache HTTP Server modules when backends are untrusted or compromised. Affected product: Apache HTTP Server up to version 2.4.66. The issue is resolved by upgrading to version 2.4.67. The provided documents do not inclu...

6.5CVSS5.8AI score0.00436EPSS