10 matches found
CVE-2011-3192
CVE-2011-3192 is a DoS flaw in the Apache HTTP Server related to how Range headers are processed. In affected releases of httpd (1.3.x, 2.0.x up to 2.0.64, and 2.2.x up to 2.2.19), a remote attacker can trigger excessive memory and CPU usage by sending a Range header with multiple overlapping ran...
CVE-2007-6750
CVE-2007-6750 affects Apache HTTP Server 1.x and 2.x. The vulnerability arises from handling partial HTTP requests (Slowloris), related to absence of the mod_reqtimeout protection in versions before 2.2.15, enabling remote DoS (daemon outage). Public details in connected docs confirm PoCs/exploit...
CVE-2011-3368
CVE-2011-3368 affects the Apache HTTP Server’s mod_proxy in reverse-proxy configurations. The vulnerability arises when using (1) RewriteRule with the [P] flag or (2) ProxyPassMatch; a remote attacker can craft a URI starting with an initial @ character to force the proxy to connect to an interna...
CVE-2011-4415
The CVE-2011-4415 issue affects the Apache HTTP Server (2.0.x up to 2.0.64 and 2.2.x up to 2.2.21) when mod_setenvif is enabled. The root cause is an integer overflow in ap_pregsub during environment variable handling (SetEnvIf), with a crafted .htaccess and HTTP header causing memory exhaustion ...
CVE-2011-4317
The CVE-2011-4317 issue concerns Apache HTTP Server in reverse proxy configurations (ProxyPassMatch/RewriteRule with [P]). It enables remote access to intranet servers via a malformed URI containing @ and : when the Revision 1179239 patch is applied, reflecting an incomplete fix for CVE-2011-3368...
CVE-2011-3607
The CVE-2011-3607 issue affects the Apache HTTP Server 2.0.x (up to 2.0.64) and 2.2.x (up to 2.2.21) when mod_setenvif is enabled. An integer overflow in ap_pregsub() in server/util.c can cause a heap-based buffer overflow, enabling local privilege escalation via a crafted .htaccess SetEnvIf dire...
CVE-2011-3639
CVE-2011-3639 affects the Apache HTTP Server mod_proxy when using reverse proxy configurations (RewriteRule/ProxyPassMatch). The initial fix for CVE-2011-3368 did not fully address the issue, allowing a remote attacker to connect to an intranet/hidden server by sending HTTP/0.9 with a malformed U...
CVE-2011-0419
CVE-2011-0419 is a stack consumption/DoS vulnerability in the APR library’s fnmatch implementation (apr_fnmatch.c) and, for some platforms, in libc’s fnmatch.c. It affects APR < 1.4.3 and Apache HTTP Server
CVE-2011-3348
The CVE-2011-3348 issue affects the Apache HTTP Server’s mod_proxy_ajp in combination with mod_proxy_balancer, where certain configurations allow remote attackers to trigger a denial of service by sending a malformed HTTP request. The vulnerability is described as causing a temporary error state ...
CVE-2011-1928
The CVE-2011-1928 issue affects the APR library’s fnmatch implementation (apr_fnmatch.c) in APR 1.4.3/1.4.4 and Apache HTTP Server 2.2.18, causing an infinite-loop DoS when processing certain URIs due to an incorrect fix for CVE-2011-0419. Connected advisories note the problem is triggered by wil...