Http Server Security Vulnerabilities and Issues — Http Server CVE List

Lucene search

ApacheHttp Server

7 matches found

CVE•added 2012/04/18 10:33 a.m.•1264 views

CVE-2012-0883

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

6.9CVSS6.1AI score0.00208EPSS

CVE•added 2012/08/22 7:55 p.m.•1222 views

CVE-2012-2687

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted f...

2.6CVSS5.5AI score0.05337EPSS

CVE•added 2012/01/28 4:5 a.m.•1149 views

CVE-2012-0053

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in co...

4.3CVSS6.2AI score0.76477EPSS

CVE•added 2012/01/18 8:55 p.m.•790 views

CVE-2012-0031

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free...

4.6CVSS7AI score0.01617EPSS

CVE•added 2012/11/30 7:55 p.m.•528 views

CVE-2012-4557

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.

5CVSS6.2AI score0.29065EPSS

CVE•added 2012/01/28 4:5 a.m.•257 views

CVE-2012-0021

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks bot...

2.6CVSS8.8AI score0.3296EPSS

CVE•added 2012/08/22 7:55 p.m.•176 views

CVE-2012-3502

The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtai...

4.3CVSS6AI score0.04442EPSS