VYPR

HTTP Server

by Apache

CVEs (341)

  • CVE-2007-0450 (Mar 16, 2007)
    risk 0.03 | cvss | epss 0.91

    Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/"…

  • CVE-2004-0492 (Aug 6, 2004)
    risk 0.03 | cvss | epss 0.34

    Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be…

  • CVE-2003-1307 (Dec 31, 2003)
    risk 0.03 | cvss | epss 0.02

    The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's…

  • CVE-2003-1138 (Oct 27, 2003)
    risk 0.03 | cvss | epss 0.05

    The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).

  • CVE-2003-0132 (Apr 11, 2003)
    risk 0.03 | cvss | epss 0.87

    A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

  • CVE-2000-0913 (Dec 19, 2000)
    risk 0.03 | cvss | epss 0.35

    mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.

  • CVE-2024-40725 (Jul 18, 2024)
    risk 0.02 | cvss | epss 0.04

    A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code…

  • CVE-2022-22720 (Mar 14, 2022)
    risk 0.02 | cvss | epss 0.28

    Apache HTTP Server 2.4.52 and earlier fails to close the inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.

  • CVE-2022-22719 (Mar 14, 2022)
    risk 0.02 | cvss | epss 0.70

    A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

  • CVE-2020-11993 (Aug 7, 2020)
    risk 0.02 | cvss | epss 0.59

    In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info"…

  • CVE-2020-1934 (Apr 1, 2020)
    risk 0.02 | cvss | epss 0.52

    In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

  • CVE-2019-10097 (Sep 26, 2019)
    risk 0.02 | cvss | epss 0.53

    In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be…

  • CVE-2019-0220 (Jun 11, 2019)
    risk 0.02 | cvss | epss 0.18

    A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the…

  • CVE-2019-0190 (Jan 30, 2019)
    risk 0.02 | cvss | epss 0.60

    A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using…

  • CVE-2014-0098 (Mar 18, 2014)
    risk 0.02 | cvss | epss 0.26

    The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

  • CVE-2013-6438 (Mar 18, 2014)
    risk 0.02 | cvss | epss 0.27

    The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE…

  • CVE-2013-1896 (Jul 10, 2013)
    risk 0.02 | cvss | epss 0.29

    mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn…

  • CVE-2013-1862 (Jun 10, 2013)
    risk 0.02 | cvss | epss 0.25

    mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a…

  • CVE-2012-4558 (Feb 26, 2013)
    risk 0.02 | cvss | epss 0.23

    Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject…

  • CVE-2012-3499 (Feb 26, 2013)
    risk 0.02 | cvss | epss 0.23

    Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3)…
