Apache HTTP Server

319 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-28780
< 2.4.67
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP serv
9.8 CRITICAL
CVE-2026-29168
>= 2.4.30 and < 2.4.67
Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This
7.3 HIGH
CVE-2026-33523
>= 2.4.0 and < 2.4.67
HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This
6.5 MEDIUM
CVE-2026-33007
>= 2.4.0 and < 2.4.67
A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user
5.3 MEDIUM
CVE-2026-33006
< 2.4.67
A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker
4.8 MEDIUM
CVE-2026-29169
< 2.4.67
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with
7.5 HIGH
CVE-2026-23918
all versions
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server:
8.8 HIGH
CVE-2026-34032
< 2.4.67
Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through
5.3 MEDIUM
CVE-2026-33857
< 2.4.67
Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66.
5.3 MEDIUM
CVE-2026-34059
< 2.4.67
Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommend
7.5 HIGH
CVE-2026-24072
< 2.4.67
An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files w
8.8 HIGH
CVE-2025-58098
< 2.4.66
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-esca
8.3 HIGH
CVE-2025-66200
>= 2.4.7 and < 2.4.66
mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHead
5.4 MEDIUM
CVE-2025-65082
>= 2.4.0 and < 2.4.66
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables se
6.5 MEDIUM
CVE-2025-59775
>= 2.4.0 and < 2.4.66
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlas
7.5 HIGH
CVE-2025-55753
>= 2.4.30 and < 2.4.66
An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configur
7.5 HIGH
CVE-2025-54090
all versions
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to u
6.3 MEDIUM
CVE-2025-53020
>= 2.4.17 and < 2.4.64
Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from
7.5 HIGH
CVE-2025-49812
< 2.4.64
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-
7.4 HIGH
CVE-2025-49630
>= 2.4.26 and < 2.4.64
In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be t
7.5 HIGH
CVE-2025-23048
>= 2.4.35 and < 2.4.64
In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is poss
9.1 CRITICAL
CVE-2024-47252
>= 2.4.0 and < 2.4.64
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client
7.5 HIGH
CVE-2024-43394
>= 2.4.0 and < 2.4.64
Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows can potentially leak NTLM hashes to a malicious server
7.5 HIGH
CVE-2024-43204
>= 2.4.0 and < 2.4.64
SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the att
7.5 HIGH
CVE-2024-42516
>= 2.4.0 and < 2.4.64
HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers
7.5 HIGH
CVE-2025-3891
all versions
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a
7.5 HIGH
CVE-2024-40898
< 2.4.62
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context can potentially leak NTLM hashes to a malici
7.5 HIGH
CVE-2024-40725
all versions
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based conf
5.3 MEDIUM
CVE-2024-39884
all versions
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.
6.2 MEDIUM
CVE-2024-39573
>= 2.4.0 and < 2.4.60
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpect
7.5 HIGH
CVE-2024-38477
>= 2.4.0 and < 2.4.60
Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malici
7.5 HIGH
CVE-2024-38476
>= 2.4.0 and < 2.4.60
The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script exec
9.8 CRITICAL
CVE-2024-38475
>= 2.4.0 and < 2.4.60
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem l
9.1 CRITICAL
CVE-2024-38474
>= 2.4.0 and < 2.4.60
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in director
9.8 CRITICAL
CVE-2024-38473
>= 2.4.0 and < 2.4.60
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to b
8.1 HIGH
CVE-2024-38472
>= 2.4.0 and < 2.4.60
SSRF in Apache HTTP Server on Windows can potentially leak NTLM hashes to a malicious server via SSRF and malicious request
7.5 HIGH
CVE-2024-36387
>= 2.4.55 and <= 2.4.59
Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the
5.4 MEDIUM
CVE-2024-27316
>= 2.4.17 and < 2.4.59
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 respo
7.5 HIGH
CVE-2024-24795
>= 2.4.0 and < 2.4.59
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers in
6.3 MEDIUM
CVE-2023-38709
< 2.4.59
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.
7.3 HIGH
CVE-2023-45802
>= 2.4.17 and < 2.4.58
When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not recla
5.9 MEDIUM
CVE-2023-43622
>= 2.4.55 and < 2.4.58
An attacker, opening an HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinit
7.5 HIGH
CVE-2023-31122
< 2.4.58
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.
7.5 HIGH
CVE-2023-27522
>= 2.4.30 and < 2.4.56
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.3
7.5 HIGH
CVE-2023-25690
>= 2.4.0 and <= 2.4.55
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Confi
9.8 CRITICAL
CVE-2022-37436
< 2.4.55
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some he
5.3 MEDIUM
CVE-2022-36760
>= 2.4.0 and < 2.4.55
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allow
9.0 CRITICAL
CVE-2006-20001
< 2.4.55
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location b
7.5 HIGH
CVE-2022-31813
< 2.4.54
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection
9.8 CRITICAL
CVE-2022-30556
< 2.4.54
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage
7.5 HIGH
CVE-2022-30522
all versions
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very l
7.5 HIGH
CVE-2022-29404
<= 2.4.53
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of serv
7.5 HIGH
CVE-2022-28615
< 2.4.54
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when prov
9.1 CRITICAL
CVE-2022-28614
<= 2.4.53
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server t
5.3 MEDIUM
CVE-2022-28330
<= 2.4.53
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi mod
5.3 MEDIUM
CVE-2022-26377
>= 2.4.0 and < 2.4.54
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allow
7.5 HIGH
CVE-2022-23943
>= 2.4.0 and < 2.4.53
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attac
9.8 CRITICAL
CVE-2022-22721
<= 2.4.52
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow hap
9.1 CRITICAL
CVE-2022-22720
<= 2.4.52
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, e
9.8 CRITICAL
CVE-2022-22719
<= 2.4.52
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affec
7.5 HIGH
CVE-2021-44790
< 2.4.52
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua script
9.8 CRITICAL
CVE-2021-44224
>= 2.4.7 and < 2.4.52
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for
8.2 HIGH
CVE-2021-42013
all versions
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal
9.8 CRITICAL
CVE-2021-41773
all versions
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attac
9.8 CRITICAL
CVE-2021-41524
all versions
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external
7.5 HIGH
CVE-2021-40438
<= 2.4.48
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue a
9.0 CRITICAL
CVE-2021-39275
< 2.4.49
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to the
9.8 CRITICAL
CVE-2021-36160
>= 2.4.30 and < 2.4.49
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affe
7.5 HIGH
CVE-2021-34798
<= 2.4.48
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
7.5 HIGH
CVE-2021-33193
>= 2.4.17 and < 2.4.49
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or
7.5 HIGH
CVE-2021-31618
all versions
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as config
7.5 HIGH
CVE-2021-30641
>= 2.4.39 and <= 2.4.46
Apache HTTP Server versions 2.4.39 to 2.4.46: Unexpected matching behavior with 'MergeSlashes OFF'
5.3 MEDIUM
CVE-2021-26691
>= 2.4.0 and <= 2.4.46
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overf
9.8 CRITICAL
CVE-2021-26690
>= 2.4.0 and <= 2.4.46
Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Cookie header handled by mod_session can cause a NULL pointer dere
7.5 HIGH
CVE-2020-35452
>= 2.4.0 and <= 2.4.46
Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There
7.3 HIGH
CVE-2020-13950
>= 2.4.41 and <= 2.4.46
Apache HTTP Server versions 2.4.41 to 2.4.46: mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted
7.5 HIGH
CVE-2020-13938
>= 2.4.0 and <= 2.4.46
Apache HTTP Server versions 2.4.0 to 2.4.46: Unprivileged local users can stop httpd on Windows
5.5 MEDIUM
CVE-2019-17567
>= 2.4.6 and <= 2.4.46
Apache HTTP Server versions 2.4.6 to 2.4.46: mod_proxy_wstunnel configured on a URL that is not necessarily Upgraded by the origin
5.3 MEDIUM
CVE-2020-9490
>= 2.4.20 and < 2.4.46
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would re
7.5 HIGH
CVE-2020-11993
>= 2.4.20 and < 2.4.44
Apache HTTP Server versions 2.4.20 to 2.4.43: When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patter
7.5 HIGH
CVE-2020-11985
>= 2.4.1 and <= 2.4.23
IP address spoofing when proxying using mod_remoteip and mod_rewrite: For configurations using proxying with mod_remoteip and certa
5.3 MEDIUM
CVE-2020-11984
>= 2.4.32 and <= 2.4.43
Apache HTTP Server 2.4.32 to 2.4.44: mod_proxy_uwsgi info disclosure and possible RCE
9.8 CRITICAL
CVE-2020-1927
>= 2.4.0 and <= 2.4.41
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fo
6.1 MEDIUM
CVE-2020-1934
>= 2.4.0 and <= 2.4.41
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
5.3 MEDIUM
CVE-2019-10097
all versions
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY"
7.2 HIGH
CVE-2019-10092
>= 2.4.0 and <= 2.4.39
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attac
6.1 MEDIUM
CVE-2019-10082
>= 2.4.18 and <= 2.4.39
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after be
9.1 CRITICAL
CVE-2019-10098
>= 2.4.0 and <= 2.4.39
In Apache HTTP Server 2.4.0 to 2.4.39, redirects configured with mod_rewrite that were intended to be self-referential might be fo
6.1 MEDIUM
CVE-2019-10081
>= 2.4.20 and <= 2.4.39
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memo
7.5 HIGH
CVE-2019-9517
>= 2.4.20 and < 2.4.40
Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. Th
7.5 HIGH
CVE-2019-0197
>= 2.4.34 and <= 2.4.38
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enable
4.2 MEDIUM
CVE-2019-0196
>= 2.4.17 and <= 2.4.38
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be
5.3 MEDIUM
CVE-2019-0220
>= 2.4.0 and <= 2.4.38
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consec
5.3 MEDIUM
CVE-2019-0211
>= 2.4.17 and <= 2.4.38
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child pr
7.8 HIGH
CVE-2019-0217
>= 2.4.0 and <= 2.4.38
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could al
7.5 HIGH
CVE-2019-0215
all versions
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification wit
7.5 HIGH
CVE-2019-0190
all versions
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would
7.5 HIGH
CVE-2018-17199
>= 2.4.0 and <= 2.4.37
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This c
7.5 HIGH
CVE-2018-17189
all versions
In Apache HTTP Server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream f
5.3 MEDIUM
CVE-2018-11763
>= 2.4.17 and <= 2.4.34
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thre
5.9 MEDIUM
CVE-2016-4975
all versions
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by chan
6.1 MEDIUM
CVE-2017-12171
all versions
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny"
6.5 MEDIUM
CVE-2018-8011
all versions
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to
7.5 HIGH
CVE-2018-1333
>= 2.4.18 and <= 2.4.30
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion a
7.5 HIGH
CVE-2018-1312
all versions
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks
9.8 CRITICAL
CVE-2018-1303
<= 2.4.29
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound r
7.5 HIGH
CVE-2018-1302
<= 2.4.29
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL
5.9 MEDIUM
CVE-2018-1301
<= 2.4.29
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after
5.9 MEDIUM
CVE-2018-1283
>= 2.4.0 and <= 2.4.29
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, no
5.3 MEDIUM
CVE-2017-15715
>= 2.4.0 and <= 2.4.29
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious fi
8.1 HIGH
CVE-2017-15710
all versions
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,
7.5 HIGH
CVE-2016-8612
< 2.4.23
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing l
4.3 MEDIUM
CVE-2017-9798
<= 2.2.34
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htacce
7.5 HIGH
CVE-2016-8743
>= 2.2.0 and <= 2.2.31
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in r
7.5 HIGH
CVE-2016-2161
all versions
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instanc
7.5 HIGH
CVE-2016-0736
all versions
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers wit
7.5 HIGH
CVE-2017-7659
all versions
A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer
7.5 HIGH
CVE-2017-9789
all versions
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after i
7.5 HIGH
CVE-2017-9788
<= 2.2.33
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was
9.1 CRITICAL
CVE-2017-7679
>= 2.2.0 and < 2.2.33
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a ma
9.8 CRITICAL
CVE-2017-7668
all versions
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_fi
7.5 HIGH
CVE-2017-3169
all versions
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call
9.8 CRITICAL
CVE-2017-3167
>= 2.2.0 and < 2.2.33
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of t
9.8 CRITICAL
CVE-2016-8740
all versions
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does no
7.5 HIGH
CVE-2016-5387
>= 2.2.0 and <= 2.2.31
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presenc
8.1 HIGH
CVE-2016-4979
all versions
The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyCl
7.5 HIGH
CVE-2016-1546
all versions
The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for
5.9 MEDIUM
CVE-2015-3185
all versions
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Requ
CVE-2015-3183
>= 2.2.0 and < 2.2.31
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which al
CVE-2015-0253
all versions
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure me
CVE-2015-0228
<= 2.4.12
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote atta
CVE-2014-8109
all versions
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration i
CVE-2014-3583
all versions
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCG
CVE-2014-3581
all versions
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11
CVE-2014-3523
all versions
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.1
CVE-2014-0231
>= 2.2.0 and < 2.2.29
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to ca
CVE-2014-0226
>= 2.2.0 and < 2.2.29
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of servi
CVE-2014-0118
>= 2.2.0 and < 2.2.29
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request bo
CVE-2014-0117
all versions
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to ca
CVE-2013-4352
all versions
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a cac
CVE-2013-5704
all versions
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by plac
CVE-2014-0098
>= 2.2.0 and < 2.2.27
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote atta
CVE-2013-6438
>= 2.2.0 and < 2.2.27
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remov
CVE-2013-2249
>= 2.4.1 and <= 2.4.4
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session
CVE-2013-1896
>= 2.2.0 and < 2.2.25
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remot
CVE-2013-1862
>= 2.0.0 and < 2.0.65
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing
CVE-2012-4558
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balance
CVE-2012-3499
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow
CVE-2012-4557
all versions
The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection o
CVE-2012-3502
all versions
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module i
CVE-2012-2687
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation
CVE-2012-0883
>= 2.2.0 and < 2.2.23
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which
CVE-2012-0053
>= 2.0.0 and < 2.0.65
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad
CVE-2012-0021
all versions
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a t
CVE-2012-0031
>= 2.0.0 and < 2.0.65
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash durin
CVE-2007-6750
<= 2.2.14
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests,
CVE-2011-4317
all versions
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revi
CVE-2011-3639
all versions
The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in
CVE-2011-4415
all versions
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_set
CVE-2011-3607
all versions
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.
CVE-2011-3368
all versions
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not prope
CVE-2011-3348
>= 2.2.12 and <= 2.2.20
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, all
CVE-2011-3192
>= 2.0.35 and < 2.0.65
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to ca
CVE-2011-1928
all versions
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Serv
CVE-2011-0419
>= 2.0.0 and <= 2.0.65
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before
CVE-2010-1623
>= 2.0.35 and < 2.0.64
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka AP
CVE-2010-2791
all versions
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs wh
CVE-2010-1452
>= 2.0.35 and < 2.0.64
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial o
CVE-2010-2068
all versions
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWar
CVE-2010-1151
all versions
Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read
CVE-2010-0434
>= 2.0.35 and < 2.0.64
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used,
CVE-2010-0425
>= 2.0.37 and < 2.0.64
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x befor
CVE-2010-0408
all versions
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not prope
CVE-2003-1581
all versions
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary
CVE-2003-1580
all versions
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identif
CVE-2010-0010
<= 1.3.41
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64
CVE-2009-3560
>= 2.0.35 and < 2.0.64
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-depen
CVE-2009-3555
<= 2.2.14
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod
9.8 CRITICAL
CVE-2009-3720
>= 2.0.35 and < 2.0.64
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other softw
CVE-2009-2699
>= 2.2.0 and < 2.2.14
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.
7.5 HIGH
CVE-2009-3095
>= 2.0.35 and < 2.0.64
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitra
CVE-2009-3094
>= 2.0.35 and < 2.0.64
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.
CVE-2009-1891
>= 2.0.35 and < 2.0.64
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated networ
CVE-2009-1890
>= 2.2.0 and < 2.2.12
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse
CVE-2009-1956
>= 2.2.0 and < 2.2.12
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attacke
CVE-2009-1955
>= 2.2.0 and < 2.2.12
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_d
7.5 HIGH
CVE-2009-0023
>= 2.2.0 and < 2.2.12
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a
CVE-2009-1195
all versions
The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not properly handle Options=IncludesNOEXEC in the AllowOverride direct
CVE-2009-1191
all versions
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response
CVE-2008-2939
<= 2.0.63
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ft
CVE-2008-2364
>= 2.0.35 and < 2.0.64
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8
CVE-2008-2168
all versions
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTM
CVE-2008-0456
>= 2.2.0 and < 2.2.12
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61
CVE-2008-0455
>= 2.2.0 and < 2.2.23
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x se
CVE-2008-0005
>= 2.0.35 and < 2.0.63
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, wh
CVE-2007-6423
all versions
Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows rem
CVE-2007-6420
all versions
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows
CVE-2007-6421
all versions
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 a
CVE-2007-6422
all versions
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processin
CVE-2007-6388
>= 1.3.2 and <= 1.3.39
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1
CVE-2007-6514
all versions
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to
CVE-2007-5000
>= 1.3.0 and <= 1.3.39
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 thro
CVE-2007-6203
all versions
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected ba
CVE-2007-4465
>= 2.0.0 and < 2.0.61
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-g
6.1 MEDIUM
CVE-2007-3847
>= 2.0.35 and < 2.0.61
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin
CVE-2007-1863
>= 2.0.37 and < 2.0.61
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module
CVE-2006-5752
>= 1.3.2 and < 1.3.39
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStat
CVE-2007-3304
>= 1.3.0 and < 1.3.39
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying t
CVE-2007-3303
all versions
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code seque
CVE-2007-1862
all versions
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apa
CVE-2007-1743
all versions
suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might all
CVE-2007-1742
all versions
suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the doc
CVE-2007-1741
all versions
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, all
CVE-2007-0450
all versions
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain pro
CVE-2007-0086
all versions
The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial
CVE-2006-6675
all versions
Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows rem
CVE-2006-4154
all versions
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code
CVE-2006-4110
all versions
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains upp
CVE-2006-3747
>= 1.3.28 and < 1.3.37
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versi
CVE-2006-3918
>= 1.3.3 and < 1.3.35
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2
CVE-2005-3357
all versions
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allow
CVE-2005-3352
< 1.3.35
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.
CVE-2005-2970
>= 2.0.36 and < 2.0.55
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of serv
CVE-2005-2700
>= 2.0.35 and < 2.0.55
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does
CVE-2005-2728
all versions
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an
CVE-2005-1268
>= 2.0.35 and <= 2.0.54
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, a
CVE-2005-2088
>= 2.0.35 and < 2.0.55
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the
CVE-2005-1344
all versions
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since
CVE-2004-0942
<= 2.0.52
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request
CVE-2004-0940
>= 1.3 and <= 1.3.32
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents
7.8 HIGH
CVE-2004-2343
<= 2.0.47
Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with di
CVE-2004-1387
all versions
The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink a
CVE-2004-0811
all versions
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain acce
CVE-2004-0263
all versions
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same
CVE-2004-0885
all versions
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, al
CVE-2004-0786
>= 2.0.35 and < 2.0.51
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of se
CVE-2004-0751
>= 2.0.44 and < 2.0.51
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote at
CVE-2004-0748
>= 2.0.35 and < 2.0.51
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL con
CVE-2004-0747
>= 2.0.35 and < 2.0.51
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the ove
7.8 HIGH
CVE-2004-0809
>= 2.0.35 and < 2.0.51
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a c
CVE-2004-0493
all versions
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhausti
CVE-2004-0492
all versions
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of s
CVE-2004-0488
>= 2.0.35 and < 2.0.50
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured
CVE-2004-0174
<= 2.0.49
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote att
7.5 HIGH
CVE-2004-0173
all versions
Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remo
CVE-2004-0113
all versions
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory
CVE-2003-0993
all versions
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using I
CVE-2004-1834
all versions
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which c
CVE-2003-0987
<= 1.3.30
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
CVE-2004-1082
all versions
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which al
CVE-2003-1418
all versions
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag heade
CVE-2003-1307
all versions
The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's
CVE-2003-0789
>= 2.0.35 and < 2.0.48
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache
CVE-2003-0542
all versions
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create conf
CVE-2003-0460
<= 1.3.27
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters
CVE-2003-0254
all versions
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite l
CVE-2003-0253
all versions
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of ser
CVE-2003-0192
all versions
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory
CVE-2003-0245
all versions
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows re
CVE-2003-0189
all versions
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r
CVE-2003-0134
all versions
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a de
CVE-2003-0132
>= 2.0.0 and <= 2.0.44
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chu
CVE-2003-0083
>= 1.3.0 and < 1.3.26
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, whic
CVE-2003-0020
>= 1.3.0 and < 1.3.31
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those seq
CVE-2003-0017
all versions
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in cer
CVE-2003-0016
all versions
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of
CVE-2002-2272
all versions
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of se
CVE-2002-2103
all versions
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when
CVE-2002-2029
all versions
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary fil
CVE-2002-2012
all versions
Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results"
CVE-2002-1850
all versions
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory
7.5 HIGH
CVE-2002-1658
all versions
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. N
CVE-2002-1233
all versions
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian
CVE-2002-1156
all versions
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV a
CVE-2002-0843
all versions
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow
CVE-2002-0840
all versions
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCa
CVE-2002-0839
>= 1.3.0 and < 1.3.27
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a
CVE-2002-1593
all versions
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child proces
CVE-2002-0654
all versions
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1
CVE-2002-0661
all versions
Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitr
CVE-2002-0392
>= 1.2.2 and <= 1.3.24
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execut
CVE-2002-0257
all versions
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from
CVE-2002-0249
all versions
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical p
CVE-2002-0240
all versions
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain th
CVE-2002-1592
all versions
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the cl
CVE-2002-0061
< 1.3.24
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell meta
CVE-2001-1556
>= 1.3.0 and < 1.3.31
The log files in Apache web server contain information directly supplied by clients and do not filter or quote control character
CVE-2001-1534
>= 1.3.11 and <= 1.3.20
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, syst
CVE-2001-1449
all versions
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote
CVE-2001-0730
all versions
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP req
CVE-2001-0729
all versions
Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL wi
CVE-2001-0766
all versions
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that con
9.8 CRITICAL
CVE-2001-0731
all versions
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL conta
CVE-2001-1072
all versions
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) c
CVE-2001-1342
all versions
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request fo
CVE-2001-0925
all versions
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html f
CVE-2001-0131
all versions
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allow local users to overwrite arbitrary files via a symlink attack.
CVE-2001-0042
all versions
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c"
CVE-2000-0913
all versions
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to
CVE-2000-0869
all versions
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary direc
CVE-2000-0868
all versions
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replac
CVE-2000-1204
all versions
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain
CVE-2000-0505
all versions
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containi
CVE-2000-1205
all versions
Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site vis
CVE-1999-1293
<= 1.2.5
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which cause
CVE-1999-0289
all versions
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
CVE-1999-1053
all versions
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "--" separators, which allows remote attacker
CVE-1999-0926
all versions
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
CVE-2000-1206
all versions
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apa
CVE-1999-1237
all versions
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules,
CVE-1999-1412
all versions
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of servi
CVE-1999-0678
all versions
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documenta
CVE-1999-1199
<= 1.3.1
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number
CVE-1999-0107
all versions
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET reque
CVE-1999-0071
all versions
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
CVE-1999-0236
< 1.0
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
7.5 HIGH
CVE-1999-0045
all versions
List of arbitrary files on Web host via nph-test-cgi script.
CVE-1999-0070
< 1.3.0
test-cgi program allows an attacker to list files on the server.
CVE-1999-0067
all versions
phf CGI program allows remote command execution through shell metacharacters.
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin