Lucene search
K
ApacheHttp Server

7 matches found

CVE
CVE
added 2018/03/26 3:0 p.m.4812 views

CVE-2017-15715

CVE-2017-15715 affects Apache HTTP Server 2.4.0–2.4.29. The issue: the expression could treat a trailing '$' as a newline in a malicious filename, bypassing filename-end checks and potentially allowing uploads that would otherwise be blocked. Documents consistently describe this as a bypass vuln...

8.1CVSS7.2AI score0.86006EPSS
In wild
CVE
CVE
added 2021/12/20 11:20 a.m.2718 views

CVE-2021-44224

CVE-2021-44224 concerns Apache HTTP Server (httpd) with the mod_proxy forward proxy configuration. A crafted URI to a forward proxy (ProxyRequests on) can trigger a NULL pointer dereference, causing a crash. In configurations that mix forward and reverse proxy declarations, it can enable requests...

8.2CVSS8.7AI score0.82295EPSS
CVE
CVE
added 2016/07/19 1:0 a.m.1526 views

CVE-2016-5387

CVE-2016-5387 affects Apache httpd prior to 2.4.25, where RFC 3875 compliance allows untrusted HTTP_PROXY data to influence outbound proxy selection via a crafted Proxy header (the httpoxy issue). Public docs indicate the issue arises from the HTTP_PROXY environment variable being exposed to appl...

8.1CVSS8AI score0.55724EPSS
CVE
CVE
added 2024/07/01 6:14 p.m.1013 views

CVE-2024-38473

The CVE-2024-38473 issue affects Apache HTTP Server (mod_proxy) in versions up to 2.4.59, where improper/encoded request URL handling can allow requests to reach backends and potentially bypass authentication. Public references and advisories state the vulnerability arises from encoding problems ...

8.1CVSS8.8AI score0.25878EPSS
CVE
CVE
added 2025/12/05 1:40 p.m.830 views

CVE-2025-58098

CVE-2025-58098 affects Apache HTTP Server 2.4.65 and earlier when Server Side Includes (SSI) is enabled and mod_cgid (not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives, enabling potential command injection. The issue impacts Apache HTTP Server before 2.4.66; remedia...

8.3CVSS6.5AI score0.01527EPSS
CVE
CVE
added 2026/05/04 12:37 p.m.110 views

CVE-2026-24072

CVE-2026-24072 is an escalation-of-privilege issue in Apache HTTP Server up to version 2.4.66, where local ".htaccess" authors can read files with the privileges of the httpd user due to a vulnerability in various modules (notably via the ap_expr/mod_rewrite path). The fixed version is 2.4.67. Pr...

8.8CVSS5.8AI score0.00654EPSS
CVE
CVE
added 2026/05/04 2:44 p.m.94 views

CVE-2026-23918

CVE-2026-23918 is a vulnerability in Apache HTTP Server affecting version 2.4.66 with the HTTP/2 protocol, described as a double free and possible remote code execution. The issue may impact confidentiality, integrity, and availability (per the CVSS 3.1 metrics: base score 8.8, high impact). Reme...

8.8CVSS5.8AI score0.4581EPSS
Web