VYPR

HTTP Server

by Apache

CVEs (341)

  • CVE-2019-10098 (Sep 25, 2019)
    risk 0.09 | cvss | epss 0.74

    In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

  • CVE-2007-6750 (Dec 27, 2011)
    risk 0.09 | cvss | epss 0.72

    The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

  • CVE-2007-6203 (Dec 3, 2007)
    risk 0.09 | cvss | epss 0.81

    Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can…

  • CVE-2004-0751 (Oct 20, 2004)
    risk 0.09 | cvss | epss 0.70

    The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).

  • CVE-2001-0925 (Mar 12, 2001)
    risk 0.09 | cvss | epss 0.75

    The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2)…

  • CVE-2011-4317 (Nov 30, 2011)
    risk 0.08 | cvss | epss 0.61

    The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a…

  • CVE-2008-0455 (Jan 25, 2008)
    risk 0.08 | cvss | epss 0.65

    Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web…

  • CVE-2003-0245 (Jun 9, 2003)
    risk 0.08 | cvss | epss 0.63

    Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to…

  • CVE-2002-0654 (Sep 5, 2002)
    risk 0.08 | cvss | epss 0.59

    Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child…

  • CVE-2001-0731 (Oct 1, 2001)
    risk 0.08 | cvss | epss 0.57

    Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.

  • CVE-2024-38473 (Jul 1, 2024)
    risk 0.07 | cvss | epss 0.26

    Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this…

  • CVE-2024-38472 (Jul 1, 2024)
    risk 0.07 | cvss | epss 0.68

    SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will…

  • CVE-2024-27316 (Apr 4, 2024)
    risk 0.07 | cvss | epss 0.91

    HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

  • CVE-2011-3639 (Nov 30, 2011)
    risk 0.07 | cvss | epss 0.53

    The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which…

  • CVE-2008-2168 (May 13, 2008)
    risk 0.07 | cvss | epss 0.55

    Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

  • CVE-2004-0942 (Feb 9, 2005)
    risk 0.07 | cvss | epss 0.55

    Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.

  • CVE-2000-0869 (Nov 14, 2000)
    risk 0.07 | cvss | epss 0.51

    The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

  • CVE-2000-0505 (May 31, 2000)
    risk 0.07 | cvss | epss 0.47

    The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.

  • CVE-1999-0067 (Mar 20, 1996)
    risk 0.07 | cvss | epss 0.87

    phf CGI program allows remote command execution through shell metacharacters.

  • CVE-2020-11984 (Aug 7, 2020)
    risk 0.06 | cvss | epss 0.90

    Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
