VYPR

apk package

chainguard/apache2-utils

pkg:apk/chainguard/apache2-utils

Vulnerabilities (13)

  • CVE-2025-23048CriJul 10, 2025
    affected < 0fixed 0

    In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a d

  • CVE-2025-3891HigApr 29, 2025
    affected < 0fixed 0

    A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availab

  • CVE-2008-2168May 13, 2008
    affected < 0fixed 0

    Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

  • CVE-2007-6423Jan 12, 2008
    affected < 2.4.66-r0fixed 2.4.66-r0

    Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue

  • CVE-2007-6421Jan 8, 2008
    affected < 0fixed 0

    Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

  • CVE-2007-6422Jan 8, 2008
    affected < 0fixed 0

    The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

  • CVE-2007-0450Mar 16, 2007
    affected < 2.4.63-r1fixed 2.4.63-r1

    Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/"

  • CVE-2007-0086Jan 5, 2007
    affected < 2.4.63-r1fixed 2.4.63-r1

    The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue

  • CVE-1999-0289Dec 12, 1999
    affected < 2.4.66-r0fixed 2.4.66-r0

    The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.

  • CVE-1999-1237Jun 6, 1999
    affected < 2.4.63-r1fixed 2.4.63-r1

    Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.

  • CVE-1999-1412Jun 3, 1999
    affected < 2.4.63-r1fixed 2.4.63-r1

    A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.

  • CVE-1999-0678Jan 17, 1999
    affected < 2.4.66-r0fixed 2.4.66-r0

    A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

  • CVE-1999-0236HigJan 1, 1997
    affected < 2.4.63-r1fixed 2.4.63-r1

    ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.