Http Server Security Vulnerabilities and Issues — Http Server CVE List

Lucene search

ApacheHttp Server

10 matches found

CVE•added 2011/08/29 3:55 p.m.•4327 views

CVE-2011-3192

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different ...

7.8CVSS6.3AI score0.92987EPSS

In wild

CVE•added 2011/12/27 6:55 p.m.•2376 views

CVE-2007-6750

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

5CVSS7AI score0.86112EPSS

CVE•added 2011/11/08 11:55 a.m.•1047 views

CVE-2011-4415

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL...

1.2CVSS6AI score0.00767EPSS

CVE•added 2011/10/05 10:55 p.m.•1027 views

CVE-2011-3368

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to i...

5CVSS9.2AI score0.78908EPSS

CVE•added 2011/11/30 4:5 a.m.•803 views

CVE-2011-4317

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

4.3CVSS9.4AI score0.88879EPSS

CVE•added 2011/11/08 11:55 a.m.•759 views

CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted ...

4.4CVSS7.7AI score0.00404EPSS

CVE•added 2011/11/30 4:5 a.m.•747 views

CVE-2011-3639

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers...

4.3CVSS9.4AI score0.78908EPSS

CVE•added 2011/05/16 5:55 p.m.•717 views

CVE-2011-0419

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allow...

4.3CVSS7.7AI score0.58438EPSS

CVE•added 2011/09/20 5:55 a.m.•676 views

CVE-2011-3348

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.

4.3CVSS6.1AI score0.51262EPSS

CVE•added 2011/05/24 11:55 p.m.•104 views

CVE-2011-1928

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by ...

4.3CVSS6.7AI score0.58438EPSS