VYPR

HTTP Server

by Apache

CVEs (341)

  • CVE-2004-0173 (Apr 15, 2004)
    risk 0.04 | cvss | epss 0.16

    Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

  • CVE-2002-2272 (Dec 31, 2002)
    risk 0.04 | cvss | epss 0.10

    Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

  • CVE-2001-0042 (Feb 16, 2001)
    risk 0.04 | cvss | epss 0.09

    PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.

  • CVE-2000-1016 (Dec 11, 2000)
    risk 0.04 | cvss | epss 0.08

    The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.

  • CVE-2000-0868 (Nov 14, 2000)
    risk 0.04 | cvss | epss 0.45

    The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.

  • CVE-1999-0926 (Sep 3, 1999)
    risk 0.04 | cvss | epss 0.09

    Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.

  • CVE-2014-5329 (Sep 8, 2023)
    risk 0.03 | cvss | epss 0.02

    GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests…

  • CVE-2022-26377 (Jun 8, 2022)
    risk 0.03 | cvss | epss 0.19

    Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version…

  • CVE-2021-39275 (Sep 16, 2021)
    risk 0.03 | cvss | epss 0.36

    ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

  • CVE-2021-30641 (Jun 10, 2021)
    risk 0.03 | cvss | epss 0.52

    Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'

  • CVE-2019-10082 (Sep 26, 2019)
    risk 0.03 | cvss | epss 0.17

    In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

  • CVE-2019-10081 (Aug 15, 2019)
    risk 0.03 | cvss | epss 0.15

    HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the…

  • CVE-2019-0217 (Apr 8, 2019)
    risk 0.03 | cvss | epss 0.18

    In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

  • CVE-2014-0118 (Jul 20, 2014)
    risk 0.03 | cvss | epss 0.37

    The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses…

  • CVE-2014-0117 (Jul 20, 2014)
    risk 0.03 | cvss | epss 0.36

    The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.

  • CVE-2012-0031 (Jan 18, 2012)
    risk 0.03 | cvss | epss 0.03

    scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an…

  • CVE-2011-4415 (Nov 8, 2011)
    risk 0.03 | cvss | epss 0.03

    The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory…

  • CVE-2011-3607 (Nov 8, 2011)
    risk 0.03 | cvss | epss 0.05

    Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in…

  • CVE-2010-0010 (Feb 2, 2010)
    risk 0.03 | cvss | epss 0.43

    Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size…

  • CVE-2008-2939 (Aug 6, 2008)
    risk 0.03 | cvss | epss 0.39

    Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a…
