Lucene search
K
IbmHttp Server

22 matches found

CVE
CVE
added 2010/03/05 7:0 p.m.6043 views

CVE-2010-0425

CVE-2010-0425 affects Apache HTTP Server on Windows with ISAPI module mod_isapi (DLLs in 2.0.37–2.0.63, 2.2.0–2.2.14, and 2.3.x before 2.3.7). Root cause: mod_isapi may unload an ISAPI DLL before request processing finishes, causing memory corruption. Impact: remote code execution or denial of se...

10CVSS9.4AI score0.94248EPSS
CVE
CVE
added 2004/06/23 4:0 a.m.455 views

CVE-2004-0492

Apache mod_proxy vulnerability CVE-2004-0492 is a heap-based overflow in proxy_util.c affecting Apache 1.3.25–1.3.31. A remote attacker can trigger a denial of service (process crash) and possibly execute arbitrary code by sending a negative Content-Length header, causing excessive data copy. The...

10CVSS8.1AI score0.33639EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.208 views

CVE-2004-1082

CVE-2004-1082 affects Apache 1.3.31 and 1.3.32 on Mac OS X Server. The vulnerability arises in mod_digest_apple where the server does not properly verify the nonce in a client response, allowing remote attackers to replay credentials. The NVD entry (CVSS v2 base score 7.5, HIGH) indicates a netwo...

7.5CVSS8.1AI score0.07583EPSS
CVE
CVE
added 2023/05/30 9:3 p.m.185 views

CVE-2023-32342

CVE-2023-32342 is a timing-based side-channel vulnerability in IBM GSKit’s RSA Decryption. The IBM bulletins show this can lead to information disclosure and affect multiple IBM products that ship GSKit (e.g., Db2, Informix, Sterling, Datacap, and related containers). Root cause: timing differenc...

7.5CVSS7.2AI score0.00925EPSS
CVE
CVE
added 2015/09/15 3:0 p.m.107 views

CVE-2015-4947

CVE-2015-4947 is a stack-based buffer overflow in the IBM HTTP Server Administration Server, affecting IBM HTTP Server versions 6.1.0.x up to 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, used with WebSphere Application Server and other products. An authent...

9CVSS9.3AI score0.07915EPSS
CVE
CVE
added 2004/06/30 4:0 a.m.103 views

CVE-2004-0493

The CVE-2004-0493 entry relates to Apache httpd 2.0.x prior to 2.0.50, where long MIME header lines with excessive spaces/tabs can cause memory exhaustion and, on 64-bit systems, a potential heap-based buffer overflow. Connected advisories confirm DoS concerns across Apache 2.0.x and related modu...

6.4CVSS6.8AI score0.84784EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.101 views

CVE-2000-0505

The CVE-2000-0505 entry concerns the Apache HTTP Server on Windows (Win32) in the 1.3.x line. The vulnerability allows remote attackers to list directory contents by issuing a URL containing a large sequence of forward slashes, which triggers directory listing of the web root as configured in htt...

5CVSS6.6AI score0.46653EPSS
CVE
CVE
added 2023/02/28 2:19 p.m.90 views

CVE-2023-26281

CVE-2023-26281 affects IBM HTTP Server 8.5 (used with IBM WebSphere Application Server). A remote attacker can trigger a denial-of-service by sending a specially crafted URL. The issue is addressed by IBM HTTP Server fixes; advisories reference an update path for IBM HTTP Server (e.g., 8.5.5.24) ...

7.5CVSS6.3AI score0.01116EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.84 views

CVE-2004-0263

Technical details (affected product/version, root cause, impact, and remediation) are not publicly provided in the supplied connected documents. Monitor for updates.

5CVSS6.5AI score0.03485EPSS
CVE
CVE
added 2011/10/28 1:0 a.m.72 views

CVE-2011-1360

CVE-2011-1360 covers multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier. The issue arises from untrusted input in documentation-related paths (manual/ibm/ and htdocs/*/manual/ibm/), enabling an attacker to inject arbitrary script/HTML. Products using IBM HTT...

4.3CVSS5.7AI score0.01674EPSS
CVE
CVE
added 2012/12/20 11:0 a.m.62 views

CVE-2012-5955

Technical details about CVE-2012-5955 are not publicly provided in the connected documents. Monitor for updates from IBM/NVD and vendors for affected versions, impact, and remediation.

10CVSS7.7AI score0.04397EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.58 views

CVE-2001-0122

CVE-2001-0122 describes a kernel leak in IBM’s FRCA (AfpaCache) module used by IBM HTTP Server 1.3.x and WebSphere 3.52. The vulnerability allows remote attackers to cause a denial of service by issuing a sequence of malformed HTTP requests that generate a "+bad request" error. Affected products ...

5CVSS6.7AI score0.03318EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.49 views

CVE-2002-1822

CVE-2002-1822 concerns IBM HTTP Server 1.0 on AS/400, where remote attackers can obtain the web root path and other sensitive information. The leak occurs via an error message when requesting a non-existent JSP page. The vulnerability is documented with a NVD CVSS v2 base score of 5.0 (Medium) an...

5CVSS6.8AI score0.02096EPSS
CVE
CVE
added 2000/12/19 5:0 a.m.47 views

CVE-2000-1168

CVE-2000-1168 affects IBM HTTP Server 1.3.6 (based on Apache). The vulnerability allows remote attackers to cause a denial of service and may lead to arbitrary command execution through a long GET request. The associated NVD entry lists a base score of 7.5 (High; Network vector, low attack comple...

7.5CVSS7.8AI score0.01924EPSS
CVE
CVE
added 2026/05/26 5:31 p.m.42 views

CVE-2026-9170

IBM HTTP Server (powered by Apache) is affected by CVE-2026-9170, affecting IBM HTTP Server 8.5 and 9.0. The vulnerability is described as a denial of service with potential remote code execution due to improper input validation (CWE-94). The IBM Security Bulletin lists this CVE alongside several...

9.8CVSS6.1AI score0.00488EPSS
CVE
CVE
added 2026/05/26 4:58 p.m.39 views

CVE-2026-8855

IBM HTTP Server versions 8.5 and 9.0 are affected by CVE-2026-8855, with remote code execution and denial of service when TLS mutual authentication is configured. The issue is documented by IBM and reflected in NVD with high-severity vectors (NETWORK, no user interaction). The IBM PSIRT bulletin ...

9.8CVSS6.5AI score0.00456EPSS
CVE
CVE
added 2026/05/26 5:10 p.m.27 views

CVE-2026-8834

CVE-2026-8834 affects IBM HTTP Server versions 8.5 and 9.0. The issue is a buffer overflow in the server, which could be exploited by a privileged user authenticated to the Administration Server to execute remote code or cause a denial of service. The CVSS metrics indicate an adjacent attack vect...

8CVSS6.4AI score0.0026EPSS
CVE
CVE
added 2026/05/26 5:11 p.m.21 views

CVE-2026-8835

The CVE-2026-8835 entry concerns IBM HTTP Server versions 8.5 and 9.0 vulnerable to an invalid pointer dereference. According to the connected sources, a privileged user authenticated to the Administration Server could exploit this issue to cause a denial of service or to expose sensitive informa...

7.3CVSS5.8AI score0.00252EPSS
CVE
CVE
added 2026/05/26 4:58 p.m.19 views

CVE-2026-8854

CVE-2026-8854 affects IBM HTTP Server versions 8.5 and 9.0 via the optional mem_cache module (mod_mem_cache). The DoS condition arises from this component, with CVSS 3.1 base score 7.5 (Network, Low attack complexity, No privileges required, No user interaction). Connected sources confirm the vul...

7.5CVSS5.8AI score0.00359EPSS
CVE
CVE
added 2026/05/26 4:56 p.m.18 views

CVE-2026-8856

IBM HTTP Server 8.5 and 9.0 are affected by CVE-2026-8856, a denial-of-service condition triggered when an attacker with write access to parts of the server configuration can consume resources. The IBM Security Bulletin lists this CVE among multiple vulnerabilities in IBM HTTP Server (bundled wit...

9.1CVSS5.8AI score0.00197EPSS
CVE
CVE
added 2026/05/26 4:56 p.m.16 views

CVE-2026-8852

IBM HTTP Server (8.5 and 9.0) is affected by CVE-2026-8852, with denial of service via the optional mod_fastcgi module. The IBM bulletin confirms this alongside other IBM HTTP Server CVEs and provides remediation guidance: upgrade to the minimal fix pack level and apply the interim fix PH71265, o...

7.5CVSS5.8AI score0.00197EPSS
CVE
CVE
added 2026/05/26 4:54 p.m.15 views

CVE-2026-8850

IBM HTTP Server 8.5 and 9.0 are affected by a denial-of-service through the optional module mod_ibm_upload. The NVD entry lists a CVSS 3.1 base score of 7.5 (HIGH) with network attack vector and no user interaction required, indicating the issue can be triggered remotely and could impact availabi...

7.5CVSS5.8AI score0.0038EPSS