VYPR

Apache HTTP Server

by Apache

CVEs (3)

  • CVE-2019-0190HigJan 30, 2019
    risk 0.54cvss 7.5epss 0.60

    A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using…

  • CVE-2025-23048CriJul 10, 2025
    risk 0.52cvss 9.1epss 0.01

    In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a…

  • CVE-2020-10280HigJun 24, 2020
    risk 0.49cvss 7.5epss 0.01

    The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard.