Lucene search
K

12 matches found

CVE
CVE
added 2014/07/20 10:0 a.m.2126 views

CVE-2014-0226

Apache HTTP Server CVE-2014-0226 is a race-condition vulnerability in the mod_status component that can cause a heap-based buffer overflow, denial of service, and potentially credential disclosure or code execution. Affects httpd before 2.4.10; the issue arises from improper scoreboard handling i...

6.8CVSS7AI score0.85744EPSS
In wildWeb
CVE
CVE
added 2014/12/29 11:0 p.m.2079 views

CVE-2014-8109

CVE-2014-8109 affects the Apache HTTP Server 2.3.x and 2.4.x up to 2.4.10, where mod_lua.c does not properly handle an httpd configuration using the same Lua authorization provider with different arguments across contexts. This can allow remote attackers to bypass access restrictions via multiple...

4.3CVSS6.7AI score0.22016EPSS
CVE
CVE
added 2014/07/20 10:0 a.m.2073 views

CVE-2014-0231

The CVE-2014-0231 issue affects the Apache HTTP Server mod_cgid module, specifically versions before 2.4.10. A missing timeout mechanism allows a remote attacker to trigger a denial of service by sending a request to a CGI script that does not read from stdin, causing the process to hang. This vu...

5CVSS4.2AI score0.43809EPSS
CVE
CVE
added 2014/03/18 1:0 a.m.1973 views

CVE-2014-0098

CVE-2014-0098 affects the Apache HTTP Server (mod_log_config) prior to version 2.4.8. The vulnerability is caused by how log_cookie is handled during truncation, allowing remote attackers to trigger a denial-of-service (segmentation fault and daemon crash). Public advisories and vendor notes (e.g...

5CVSS8AI score0.25999EPSS
CVE
CVE
added 2014/03/18 1:0 a.m.1776 views

CVE-2013-6438

The vulnerability CVE-2013-6438 affects the Apache HTTP Server mod_dav component. The flaw is in dav_xml_get_cdata (main/util.c) where whitespace is not correctly removed from CDATA sections, enabling a remote attacker to trigger a denial of service (daemon crash) with a crafted DAV WRITE request...

5CVSS8AI score0.26831EPSS
CVE
CVE
added 2014/07/20 10:0 a.m.1421 views

CVE-2014-0118

CVE-2014-0118 affects the Apache HTTP Server mod_deflate: the deflate_in_filter in mod_deflate.c allows remote denial-of-service when request body decompression is enabled, by processing crafted data that expands to a large size. Affected versions are Apache httpd prior to 2.4.10. Impact is resou...

4.3CVSS6.3AI score0.37156EPSS
CVE
CVE
added 2014/07/20 10:0 a.m.1178 views

CVE-2014-0117

The vulnerability CVE-2014-0117 affects the Apache HTTP Server, specifically the mod_proxy behavior in the 2.4.x line prior to 2.4.10. When a reverse proxy is enabled, a remote attacker can craft an HTTP Connection header to trigger a denial of service (child process crash). This is documented ac...

4.3CVSS8.6AI score0.35543EPSS
Web
CVE
CVE
added 2014/07/20 10:0 a.m.914 views

CVE-2014-3523

CVE-2014-3523 corresponds to a memory leak in the WinNT MPM of Apache HTTP Server 2.4.x on Windows. Specifically, when AcceptFilter is enabled, the winnt_accept function in server/mpm/winnt/child.c can leak memory under crafted requests, leading to denial of service. The vulnerability is tied to ...

5CVSS6.3AI score0.16372EPSS
CVE
CVE
added 2014/04/15 10:0 a.m.906 views

CVE-2013-5704

CVE-2013-5704 concerns the Apache HTTP Server mod_headers trailer-header bypass vulnerability. The issue arises when a client places headers in the trailer portion of a chunked request, potentially bypassing RequestHeader unset directives and allowing header manipulation after header processing. ...

5CVSS5.7AI score0.60205EPSS
CVE
CVE
added 2014/07/20 10:0 a.m.781 views

CVE-2013-4352

CVE-2013-4352 affects Apache HTTP Server (httpd) 2.4.x, specifically the mod_cache cache_storage.c: the cache_invalidate path in forward proxy caching can trigger a NULL pointer dereference, crashing the httpd and causing a Denial of Service. Public disclosures tie this to Apache httpd 2.4.6; mul...

4.3CVSS8.7AI score0.11534EPSS
CVE
CVE
added 2014/12/15 5:27 p.m.709 views

CVE-2014-3583

CVE-2014-3583 affects Apache HTTP Server 2.4.10 and earlier, where the handle_headers function in mod_proxy_fcgi.c can be triggered by long response headers to cause a denial of service (buffer over-read and daemon crash). The vulnerability stems from the proxy/Fcgi header handling in mod_proxy_f...

5CVSS8AI score0.10783EPSS
CVE
CVE
added 2014/10/10 10:0 a.m.472 views

CVE-2014-3581

Apache HTTP Server vulnerability CVE-2014-3581 affects the mod_cache component (cache_util.c) in the httpd 2.4.x line, before 2.4.11. An empty Content-Type header can trigger a NULL pointer dereference in cache_merge_headers_out, leading to a denial of service (application crash). Public advisori...

5CVSS6.2AI score0.13451EPSS