VYPR

HTTP Server

by IBM

CVEs (23)

  • CVE-2026-9170 | Critical | May 26, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service and potential remote code execution due to improper input validation.

  • CVE-2026-8855 | High | May 26, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).

  • CVE-2026-8834 | High | May 26, 2026
    risk 0.52 | cvss 8.0 | epss 0.00

    IBM HTTP Server 8.5 and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service.

  • CVE-2026-8856 | High | May 26, 2026
    risk 0.50 | cvss 7.7 | epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.

  • CVE-2026-8854 | High | May 26, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.

  • CVE-2026-8850 | High | May 26, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.

  • CVE-2026-8835 | High | May 26, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service.

  • CVE-2026-8852 | Medium | May 26, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi.

  • CVE-2006-3918 | Jul 28, 2006
    risk 0.10 | cvss | epss 0.94

    http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which…

  • CVE-2004-0493 | Aug 6, 2004
    risk 0.10 | cvss | epss 0.85

    The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of…

  • CVE-2000-0505 | May 31, 2000
    risk 0.07 | cvss | epss 0.47

    The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.

  • CVE-2004-0492 | Aug 6, 2004
    risk 0.03 | cvss | epss 0.34

    Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be…

  • CVE-2001-0122 | Mar 13, 2001
    risk 0.03 | cvss | epss 0.03

    Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error.

  • CVE-2015-4947 | Sep 15, 2015
    risk 0.01 | cvss | epss 0.08

    Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to…

  • CVE-2004-1082 | Feb 3, 2004
    risk 0.01 | cvss | epss 0.08

    mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

  • CVE-2023-26281 | Feb 28, 2023
    risk 0.00 | cvss | epss 0.01

    IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296.

  • CVE-2012-5955 | Dec 20, 2012
    risk 0.00 | cvss | epss 0.04

    Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors.

  • CVE-2012-2190 | Aug 21, 2012
    risk 0.00 | cvss | epss 0.02

    IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a…

  • CVE-2011-1360 | Oct 28, 2011
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1)…

  • CVE-2009-0436 | Feb 10, 2009
    risk 0.00 | cvss | epss 0.00

    The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.
