Httpd
by Apache
Source repositories
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-11148 | 0.00 | — | 0.00 | Dec 5, 2024 | In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. | |||
| CVE-2022-27631 | 0.00 | — | 0.01 | Aug 5, 2022 | A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | |||
| CVE-2021-20325 | 0.00 | — | 0.02 | Feb 18, 2022 | Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux… | |||
| CVE-2007-3304 | 0.00 | — | 0.03 | Jun 20, 2007 | Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1… | |||
| CVE-2007-3303 | 0.00 | — | 0.01 | Jun 20, 2007 | Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2)… | |||
| CVE-2005-3352 | 0.00 | — | 0.74 | Dec 13, 2005 | Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. | |||
| CVE-2000-1206 | 0.00 | — | 0.05 | Aug 20, 1999 | Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files. | |||
| CVE-1999-0071 | 0.00 | — | 0.04 | Sep 1, 1997 | Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. |
- CVE-2024-11148Dec 5, 2024risk 0.00cvss —epss 0.00
In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request.
- CVE-2022-27631Aug 5, 2022risk 0.00cvss —epss 0.01
A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
- CVE-2021-20325Feb 18, 2022risk 0.00cvss —epss 0.02
Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux…
- CVE-2007-3304Jun 20, 2007risk 0.00cvss —epss 0.03
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1…
- CVE-2007-3303Jun 20, 2007risk 0.00cvss —epss 0.01
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2)…
- CVE-2005-3352Dec 13, 2005risk 0.00cvss —epss 0.74
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
- CVE-2000-1206Aug 20, 1999risk 0.00cvss —epss 0.05
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
- CVE-1999-0071Sep 1, 1997risk 0.00cvss —epss 0.04
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
Page 2 of 2