Http Server
by Apache
CVEs (211)
| CVE | Sev | Risk | CVSS | EPSS | Published | Description | KEV |
|---|---|---|---|---|---|---|---|
| CVE-2001-0766 | Cri | 0.68 | 9.8 | 0.11 | Oct 18, 2001 | Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters. | |
| CVE-2017-7679 | Cri | 0.66 | 9.8 | 0.30 | Jun 20, 2017 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. | |
| CVE-2017-3169 | Cri | 0.66 | 9.8 | 0.31 | Jun 20, 2017 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. | |
| CVE-2026-28780 | Cri | 0.64 | 9.8 | 0.00 | May 5, 2026 | Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. | |
| CVE-2017-3167 | Cri | 0.64 | 9.8 | 0.09 | Jun 20, 2017 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | |
| CVE-2017-9788 | Cri | 0.63 | 9.1 | 0.49 | Jul 13, 2017 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. | |
| CVE-2017-9798 | Hig | 0.59 | 7.5 | 0.94 | Sep 18, 2017 | Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c. | |
| CVE-2026-23918 | Hig | 0.57 | 8.8 | 0.00 | May 4, 2026 | Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. | |
| CVE-2026-24072 | Hig | 0.57 | 8.8 | 0.00 | May 4, 2026 | An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue. | |
| CVE-2016-8740 | Hig | 0.57 | 7.5 | 0.68 | Dec 5, 2016 | The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. | |
| CVE-2016-5387 | Hig | 0.57 | 8.1 | 0.60 | Jul 19, 2016 | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. | |
| CVE-2017-7668 | Hig | 0.54 | 7.5 | 0.63 | Jun 20, 2017 | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. | |
| CVE-2004-0940 | Hig | 0.54 | 7.8 | 0.04 | Feb 9, 2005 | Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | |
| CVE-1999-0236 | Hig | 0.53 | 7.5 | 0.14 | Jan 1, 1997 | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | |
| CVE-2017-7659 | Hig | 0.52 | 7.5 | 0.38 | Jul 26, 2017 | A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. | |
| CVE-2009-1955 | Hig | 0.52 | 7.5 | 0.02 | Jun 8, 2009 | The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. | |
| CVE-2002-1850 | Hig | 0.52 | 7.5 | 0.03 | Dec 31, 2002 | mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script. | |
| CVE-2004-0747 | Hig | 0.51 | 7.8 | 0.01 | Oct 20, 2004 | Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables. | |
| CVE-2016-8743 | Hig | 0.50 | 7.5 | 0.11 | Jul 27, 2017 | Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. | |
| CVE-2004-0174 | Hig | 0.50 | 7.5 | 0.20 | May 4, 2004 | Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket." | |