Filtered by vendor Apache
Subscriptions
Filtered by product Http Server
Subscriptions
Total
327 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-1452 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. | ||||
| CVE-2012-0031 | 5 Apache, Debian, Opensuse and 2 more | 13 Http Server, Debian Linux, Opensuse and 10 more | 2025-04-11 | N/A |
| scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. | ||||
| CVE-2013-2249 | 1 Apache | 1 Http Server | 2025-04-11 | N/A |
| mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors. | ||||
| CVE-2012-0883 | 3 Apache, Opensuse, Redhat | 3 Http Server, Opensuse, Jboss Enterprise Application Platform | 2025-04-11 | N/A |
| envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. | ||||
| CVE-2012-4558 | 2 Apache, Redhat | 4 Http Server, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. | ||||
| CVE-2010-1623 | 2 Apache, Redhat | 4 Apr-util, Http Server, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. | ||||
| CVE-2011-3368 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. | ||||
| CVE-2010-0010 | 1 Apache | 1 Http Server | 2025-04-11 | N/A |
| Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow. | ||||
| CVE-2011-3192 | 5 Apache, Canonical, Opensuse and 2 more | 10 Http Server, Ubuntu Linux, Opensuse and 7 more | 2025-04-11 | N/A |
| The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. | ||||
| CVE-2013-0941 | 3 Apache, Microsoft, Rsa | 7 Http Server, Internet Information Server, Windows and 4 more | 2025-04-11 | N/A |
| EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. | ||||
| CVE-2010-0408 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. | ||||
| CVE-2011-4415 | 1 Apache | 1 Http Server | 2025-04-11 | N/A |
| The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607. | ||||
| CVE-2011-3607 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. | ||||
| CVE-2011-1176 | 3 Apache, Debian, Mpm-itk Project | 3 Http Server, Debian Linux, Mpm-itk | 2025-04-11 | N/A |
| The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process. | ||||
| CVE-2013-1862 | 5 Apache, Canonical, Opensuse and 2 more | 12 Http Server, Ubuntu Linux, Opensuse and 9 more | 2025-04-11 | N/A |
| mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. | ||||
| CVE-2012-0021 | 2 Apache, Redhat | 2 Http Server, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. | ||||
| CVE-2003-1581 | 1 Apache | 1 Http Server | 2025-04-11 | N/A |
| The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | ||||
| CVE-2012-1181 | 1 Apache | 2 Http Server, Mod Fcgid | 2025-04-11 | N/A |
| fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit. | ||||
| CVE-2012-4001 | 2 Apache, Google | 2 Http Server, Mod Pagespeed | 2025-04-11 | N/A |
| The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers. | ||||
| CVE-2011-0419 | 10 Apache, Apple, Debian and 7 more | 12 Http Server, Portable Runtime, Mac Os X and 9 more | 2025-04-11 | N/A |
| Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. | ||||