Lucene search
K

10 matches found

CVE
CVE
added 2011/08/29 3:0 p.m.4564 views

CVE-2011-3192

CVE-2011-3192 is a DoS flaw in the Apache HTTP Server related to how Range headers are processed. In affected releases of httpd (1.3.x, 2.0.x up to 2.0.64, and 2.2.x up to 2.2.19), a remote attacker can trigger excessive memory and CPU usage by sending a Range header with multiple overlapping ran...

7.8CVSS6.3AI score0.98945EPSS
In wildWeb
CVE
CVE
added 2011/12/27 6:0 p.m.2589 views

CVE-2007-6750

CVE-2007-6750 affects Apache HTTP Server 1.x and 2.x. The vulnerability arises from handling partial HTTP requests (Slowloris), related to absence of the mod_reqtimeout protection in versions before 2.2.15, enabling remote DoS (daemon outage). Public details in connected docs confirm PoCs/exploit...

5CVSS7AI score0.71634EPSS
CVE
CVE
added 2011/10/05 10:0 p.m.1135 views

CVE-2011-3368

CVE-2011-3368 affects the Apache HTTP Server’s mod_proxy in reverse-proxy configurations. The vulnerability arises when using (1) RewriteRule with the [P] flag or (2) ProxyPassMatch; a remote attacker can craft a URI starting with an initial @ character to force the proxy to connect to an interna...

5CVSS9.2AI score0.90734EPSS
CVE
CVE
added 2011/11/08 11:0 a.m.1101 views

CVE-2011-4415

The CVE-2011-4415 issue affects the Apache HTTP Server (2.0.x up to 2.0.64 and 2.2.x up to 2.2.21) when mod_setenvif is enabled. The root cause is an integer overflow in ap_pregsub during environment variable handling (SetEnvIf), with a crafted .htaccess and HTTP header causing memory exhaustion ...

1.2CVSS6AI score0.031EPSS
CVE
CVE
added 2011/11/30 2:0 a.m.878 views

CVE-2011-4317

The CVE-2011-4317 issue concerns Apache HTTP Server in reverse proxy configurations (ProxyPassMatch/RewriteRule with [P]). It enables remote access to intranet servers via a malformed URI containing @ and : when the Revision 1179239 patch is applied, reflecting an incomplete fix for CVE-2011-3368...

4.3CVSS9.4AI score0.60783EPSS
CVE
CVE
added 2011/11/08 11:0 a.m.800 views

CVE-2011-3607

The CVE-2011-3607 issue affects the Apache HTTP Server 2.0.x (up to 2.0.64) and 2.2.x (up to 2.2.21) when mod_setenvif is enabled. An integer overflow in ap_pregsub() in server/util.c can cause a heap-based buffer overflow, enabling local privilege escalation via a crafted .htaccess SetEnvIf dire...

4.4CVSS7.7AI score0.04716EPSS
CVE
CVE
added 2011/11/30 2:0 a.m.795 views

CVE-2011-3639

CVE-2011-3639 affects the Apache HTTP Server mod_proxy when using reverse proxy configurations (RewriteRule/ProxyPassMatch). The initial fix for CVE-2011-3368 did not fully address the issue, allowing a remote attacker to connect to an intranet/hidden server by sending HTTP/0.9 with a malformed U...

4.3CVSS9.4AI score0.52531EPSS
CVE
CVE
added 2011/05/16 5:0 p.m.758 views

CVE-2011-0419

CVE-2011-0419 is a stack consumption/DoS vulnerability in the APR library’s fnmatch implementation (apr_fnmatch.c) and, for some platforms, in libc’s fnmatch.c. It affects APR < 1.4.3 and Apache HTTP Server

4.3CVSS7.7AI score0.30406EPSS
CVE
CVE
added 2011/09/19 3:0 p.m.726 views

CVE-2011-3348

The CVE-2011-3348 issue affects the Apache HTTP Server’s mod_proxy_ajp in combination with mod_proxy_balancer, where certain configurations allow remote attackers to trigger a denial of service by sending a malformed HTTP request. The vulnerability is described as causing a temporary error state ...

4.3CVSS6.1AI score0.2238EPSS
CVE
CVE
added 2011/05/24 11:0 p.m.120 views

CVE-2011-1928

The CVE-2011-1928 issue affects the APR library’s fnmatch implementation (apr_fnmatch.c) in APR 1.4.3/1.4.4 and Apache HTTP Server 2.2.18, causing an infinite-loop DoS when processing certain URIs due to an incorrect fix for CVE-2011-0419. Connected advisories note the problem is triggered by wil...

4.3CVSS6.7AI score0.10322EPSS