Total
299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27316 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Ontap | 2024-07-30 | N/A | 7.5 HIGH |
| HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. | |||||
| CVE-2021-41773 | 4 Apache, Fedoraproject, Netapp and 1 more | 4 Http Server, Fedora, Cloud Backup and 1 more | 2024-07-26 | 4.3 MEDIUM | 7.5 HIGH |
| A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. | |||||
| CVE-2021-42013 | 4 Apache, Fedoraproject, Netapp and 1 more | 6 Http Server, Fedora, Cloud Backup and 3 more | 2024-07-26 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. | |||||
| CVE-2019-0211 | 8 Apache, Canonical, Debian and 5 more | 27 Http Server, Ubuntu Linux, Debian Linux and 24 more | 2024-07-25 | 7.2 HIGH | 7.8 HIGH |
| In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. | |||||
| CVE-2021-40438 | 9 Apache, Broadcom, Debian and 6 more | 18 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 15 more | 2024-07-24 | 6.8 MEDIUM | 9.0 CRITICAL |
| A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
| CVE-2023-45802 | 2 Apache, Fedoraproject | 2 Http Server, Fedora | 2024-06-10 | N/A | 5.9 MEDIUM |
| When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | |||||
| CVE-2023-31122 | 2 Apache, Fedoraproject | 2 Http Server, Fedora | 2024-06-10 | N/A | 7.5 HIGH |
| Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. | |||||
| CVE-2019-17567 | 3 Apache, Fedoraproject, Oracle | 5 Http Server, Fedora, Enterprise Manager Ops Center and 2 more | 2024-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. | |||||
| CVE-2007-6423 | 2 Apache, Microsoft | 2 Http Server, Windows Nt | 2024-05-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue | |||||
| CVE-2007-0086 | 1 Apache | 1 Http Server | 2024-05-17 | 7.8 HIGH | N/A |
| The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal | |||||
| CVE-2004-2343 | 1 Apache | 1 Http Server | 2024-05-17 | 7.2 HIGH | N/A |
| Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument | |||||
| CVE-2003-1307 | 1 Apache | 1 Http Server | 2024-05-17 | 4.3 MEDIUM | N/A |
| The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP. | |||||
| CVE-2021-31618 | 4 Apache, Debian, Fedoraproject and 1 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2024-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released. | |||||
| CVE-2007-6420 | 2 Apache, Canonical | 2 Http Server, Ubuntu Linux | 2024-04-26 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2011-0419 | 9 Apache, Apple, Debian and 6 more | 10 Http Server, Portable Runtime, Mac Os X and 7 more | 2024-04-02 | 4.3 MEDIUM | N/A |
| Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. | |||||
| CVE-2009-3720 | 4 A M Kuchling, Apache, Libexpat Project and 1 more | 4 Pyxml, Http Server, Libexpat and 1 more | 2024-02-22 | 5.0 MEDIUM | N/A |
| The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | |||||
| CVE-2009-2699 | 1 Apache | 2 Http Server, Portable Runtime | 2024-02-15 | 5.0 MEDIUM | 7.5 HIGH |
| The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs. | |||||
| CVE-2004-0174 | 1 Apache | 1 Http Server | 2024-02-15 | 5.0 MEDIUM | 7.5 HIGH |
| Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket." | |||||
| CVE-2007-1863 | 2 Apache, Apple | 2 Http Server, Mac Os X Server | 2024-02-15 | 5.0 MEDIUM | N/A |
| cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. | |||||
| CVE-2009-1195 | 1 Apache | 1 Http Server | 2024-02-15 | 4.9 MEDIUM | N/A |
| The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. | |||||