VYPR

HTTP Server

by Apache

CVEs (341)

  • CVE-2010-0434 Mar 5, 2010
    risk 0.01 | cvss | epss 0.18

    The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote…

  • CVE-2009-3095 Sep 8, 2009
    risk 0.01 | cvss | epss 0.13

    The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain…

  • CVE-2009-3094 Sep 8, 2009
    risk 0.01 | cvss | epss 0.09

    The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV…

  • CVE-2009-1891 Jul 10, 2009
    risk 0.01 | cvss | epss 0.17

    The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

  • CVE-2009-1890 Jul 5, 2009
    risk 0.01 | cvss | epss 0.16

    The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to…

  • CVE-2009-1191 Apr 23, 2009
    risk 0.01 | cvss | epss 0.12

    mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

  • CVE-2008-2364 Jun 13, 2008
    risk 0.01 | cvss | epss 0.13

    The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a…

  • CVE-2008-0005 Jan 12, 2008
    risk 0.01 | cvss | epss 0.15

    mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

  • CVE-2007-6420 Jan 12, 2008
    risk 0.01 | cvss | epss 0.09

    Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.

  • CVE-2007-6421 Jan 8, 2008
    risk 0.01 | cvss | epss 0.08

    Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

  • CVE-2007-6422 Jan 8, 2008
    risk 0.01 | cvss | epss 0.10

    The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

  • CVE-2007-3847 Aug 23, 2007
    risk 0.01 | cvss | epss 0.13

    The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

  • CVE-2007-1863 Jun 27, 2007
    risk 0.01 | cvss | epss 0.12

    cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2)…

  • CVE-2007-0086 Jan 5, 2007
    risk 0.01 | cvss | epss 0.10

    The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue…

  • CVE-2006-4154 Oct 16, 2006
    risk 0.01 | cvss | epss 0.16

    Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.

  • CVE-2005-2970 Oct 25, 2005
    risk 0.01 | cvss | epss 0.14

    Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.

  • CVE-2005-2728 Aug 30, 2005
    risk 0.01 | cvss | epss 0.11

    The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.

  • CVE-2005-1268 Aug 5, 2005
    risk 0.01 | cvss | epss 0.08

    Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

  • CVE-2004-0811 Dec 31, 2004
    risk 0.01 | cvss | epss 0.07

    Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.

  • CVE-2004-0885 Nov 3, 2004
    risk 0.01 | cvss | epss 0.14

    The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

Page 11 of 18