CRITICAL 9.8 CVE-2021-42013 ⚠ KEV Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
from 0, < 2.4.51-1
CRITICAL 9.8 CVE-2021-41773 ⚠ KEV Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
from 0, < 2.4.50-1
CRITICAL9.1⚠ KEVApache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
from 0, < 2.4.61-1~deb11u1
CRITICAL9.0⚠ KEVmod_proxy SSRF
from 0, < 2.4.51-1~deb11u1
HIGH7.8⚠ KEVApache HTTP Server Privilege Escalation Vulnerability
from 0, < 2.4.38-3
CRITICAL9.8Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
from 0
CRITICAL9.8Apache HTTP Server: mod_ldap per-dir use-after-free
from 0
CRITICAL9.8Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()
from 0, < 2.4.67-1~deb11u1
CRITICAL9.8Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
from 0, < 2.4.61-1~deb11u1
CRITICAL9.8Apache HTTP Server weakness with encoded question marks in backreferences
from 0, < 2.4.61-1~deb11u1
CRITICAL9.8apache2 - security update
from 0, < 2.4.38-3+deb10u10
CRITICAL9.8apache2 - security update
from 0, < 2.4.56-1~deb11u1
CRITICAL9.8mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
from 0, < 2.4.54-1~deb11u1
CRITICAL9.8pound - security update
from 0, < 2.2.14-2
CRITICAL9.8mod_sed: Read/write beyond bounds
from 0, < 2.4.53-1~deb11u1
CRITICAL9.8HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
from 0, < 2.4.53-1~deb11u1
CRITICAL9.8Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
from 0, < 2.4.52-1~deb11u2
CRITICAL9.8ap_escape_quotes buffer overflow
from 0, < 2.4.51-1~deb11u1
CRITICAL9.8Apache HTTP Server mod_session response handling heap overflow
from 0, < 2.4.46-6
CRITICAL9.8apache2 - security update
from 0, < 2.4.38-3+deb10u4
CRITICAL9.8apache2 - security update
from 0, < 2.4.46-1
CRITICAL9.8In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not c…
from 0, < 2.4.33-1
CRITICAL9.8In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious C…
from 0, < 2.4.25-4
CRITICAL9.8In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_p…
from 0, < 2.4.25-4
CRITICAL9.8apache2 - security update
from 0, < 2.2.22-13+deb7u9
CRITICAL9.8apache2 - security update
from 0, < 2.4.25-4
CRITICAL9.8apache2 - security update
from 0, < 2.4.10-10+deb8u9
CRITICAL9.1Apache HTTP Server: mod_dav_fs protected directory access
from 0
CRITICAL9.1Apache HTTP Server: mod_ssl access control bypass with session resumption
from 0, < 2.4.65-1~deb11u1
CRITICAL9.1Read beyond bounds in ap_strcmp_match()
from 0, < 2.4.54-1~deb11u1
CRITICAL9.1core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
from 0, < 2.4.53-1~deb11u1
CRITICAL9.1In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed…
from 0, < 2.4.41-1
CRITICAL9.1apache2 - security update
from 0, < 2.4.10-10+deb8u10
CRITICAL9.1apache2 - security update
from 0, < 2.2.22-13+deb7u10
CRITICAL9.1apache2 - security update
from 0, < 2.4.27-1
CRITICAL9.0Apache HTTP Server: mod_proxy_ajp Possible request smuggling
from 0, < 2.4.56-1~deb11u1
HIGH8.8Apache HTTP Server: http2: double free and possible RCE on early reset
from 0, < 2.4.67-1~deb12u2
HIGH8.8Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
from 0, < 2.4.67-1~deb11u1
HIGH8.3Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
from 0, < 2.4.66-1~deb11u1
HIGH8.2apache2 - security update
from 0, < 2.4.38-3+deb10u7
HIGH8.2apache2 - security update
from 0, < 2.4.25-3+deb9u12
HIGH8.2apache2 - security update
from 0, < 2.4.52-1~deb11u2
HIGH8.1Apache HTTP Server proxy encoding problem
from 0, < 2.4.61-1~deb11u1
HIGH8.1In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, r…
from 0, < 2.4.33-1
HIGH8.1apache2 - security update
from 0, < 2.4.10-10+deb8u5
HIGH8.1apache2 - security update
from 0, < 2.2.22-13+deb7u7
HIGH8.1apache2 - security update
from 0, < 2.4.23-2
HIGH7.8Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow dur…
from 0, < 2.0.51
HIGH7.5Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
from 0
HIGH7.5Apache HTTP Server: mod_proxy_html buffer overflow
from 0
HIGH7.5Apache HTTP Server: mod_xml2enc heap overflow
from 0
HIGH7.5Apache HTTP Server: mod_http2 denial of service
from 0, < 2.4.67-1~deb11u2
HIGH7.5Apache HTTP Server: mod_dav_lock indirect lock crash
from 0, < 2.4.67-1~deb11u1
HIGH7.5Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
from 0, < 2.4.67-1~deb11u1
HIGH7.5Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF
from 0, < 2.4.66-1~deb11u1
HIGH7.5apache2 - security update
from 0, < 2.4.66-1~deb11u1
HIGH7.5apache2 - security update
from 0, < 2.4.66-1~deb11u1
HIGH7.5Apache HTTP Server: HTTP/2 DoS by Memory Increase
from 0, < 2.4.65-1~deb11u1
HIGH7.5Apache HTTP Server: mod_proxy_http2 denial of service
from 0, < 2.4.65-1~deb11u1
HIGH7.5Apache HTTP Server: mod_ssl error log variable escaping
from 0, < 2.4.65-1~deb11u1
HIGH7.5Apache HTTP Server: SSRF on Windows due to UNC paths
from 0, < 2.4.65-1~deb11u1
HIGH7.5Apache HTTP Server: SSRF with mod_headers setting Content-Type header
from 0, < 2.4.65-1~deb11u1
HIGH7.5apache2 - security update
from 0, < 2.4.65-1~deb11u1
HIGH7.5apache2 - security update
from 0, < 2.4.65-1~deb11u1
HIGH7.5Apache HTTP Server: mod_rewrite proxy handler substitution
from 0, < 2.4.61-1~deb11u1
HIGH7.5Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request
from 0, < 2.4.61-1~deb11u1
HIGH7.5Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
from 0, < 2.4.59-1~deb11u1
HIGH7.5Apache HTTP Server: DoS in HTTP/2 with initial windows size 0
from 0, < 2.4.59-1~deb11u1
HIGH7.5apache2 - security update
from 0, < 2.4.59-1~deb11u1
HIGH7.5apache2 - security update
from 0, < 2.4.59-1~deb11u1
HIGH7.5Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
from 0, < 2.4.56-1~deb11u1
HIGH7.5apache2 - security update
from 0, < 2.4.56-1~deb11u1
HIGH7.5apache2 - security update
from 0, < 2.4.56-1~deb11u1
HIGH7.5apache2 - security update
from 0, < 2.4.38-3+deb10u9
HIGH7.5Information Disclosure in mod_lua with websockets
from 0, < 2.4.54-1~deb11u1
HIGH7.5mod_sed denial of service
from 0, < 2.4.54-1~deb11u1
HIGH7.5Denial of service in mod_lua r:parsebody
from 0, < 2.4.54-1~deb11u1
HIGH7.5mod_proxy_ajp: Possible request smuggling
from 0, < 2.4.54-1~deb11u1
HIGH7.5apache2 - security update
from 0, < 2.4.25-3+deb9u13
HIGH7.5apache2 - security update
from 0, < 2.4.53-1~deb11u1
HIGH7.5null pointer dereference in h2 fuzzing
from 0, < 2.4.50-1
HIGH7.5uwsgi - security update
from 0, < 2.4.51-1~deb11u1
HIGH7.5apache2 - security update
from 0, < 2.4.38-3+deb10u6
HIGH7.5apache2 - security update
from 0, < 2.4.51-1~deb11u1
HIGH7.5apache2 - security update
from 0, < 2.4.25-3+deb9u11
HIGH7.5Request splitting via HTTP/2 method injection and mod_proxy
from 0, < 2.4.48-3.1+deb11u1
HIGH7.5NULL pointer dereference on specially crafted HTTP/2 request
from 0, < 2.4.46-5
HIGH7.5mod_session NULL pointer dereference
from 0, < 2.4.46-6
HIGH7.5mod_proxy_http NULL pointer dereference
from 0, < 2.4.46-6
HIGH7.5Apache HTTP Server versions 2.4.20 to 2.4.43.
from 0, < 2.4.46-1
HIGH7.5Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, loggi…
from 0, < 2.4.46-1
HIGH7.5apache2 - security update
from 0, < 2.4.25-3+deb9u8
HIGH7.5apache2 - security update
from 0, < 2.4.41-1
HIGH7.5Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service.
from 0, < 2.4.41-1
HIGH7.5apache2 - security update
from 0, < 2.4.38-3
HIGH7.5apache2 - security update
from 0, < 2.4.10-10+deb8u14
HIGH7.5In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3…
from 0, < 2.4.38-3
HIGH7.5A bug exists in the way mod_ssl handled client renegotiations.
from 0, < 2.4.38-1
HIGH7.5apache2 - security update
from 0, < 2.4.10-10+deb8u13
HIGH7.5apache2 - security update
from 0, < 2.4.38-1
HIGH7.5By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault.
from 0, < 2.4.34-1
HIGH7.5By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a deni…
from 0, < 2.4.34-1
HIGH7.5A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while…
from 0, < 2.4.33-1
HIGH7.5apache2 - security update
from 0, < 2.2.22-13+deb7u13
HIGH7.5apache2 - security update
from 0, < 2.4.10-10+deb8u12
HIGH7.5apache2 - security update
from 0, < 2.4.33-1
HIGH7.5apache2 - security update
from 0, < 2.4.10-10+deb8u11
HIGH7.5apache2 - security update
from 0, < 2.4.27-6
HIGH7.5apache2 - security update
from 0, < 2.2.22-13+deb7u12
HIGH7.5apache2 - regression update
from 0, < 2.2.22-13+deb7u11
HIGH7.5apache2 - regression update
from 0, < 2.2.22-13+deb7u8
HIGH7.5apache2 - regression update
from 0, < 2.4.25-1
HIGH7.5In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continu…
from 0, < 2.4.25-1
HIGH7.5apache2 - security update
from 0, < 2.4.25-1
HIGH7.5apache2 - security update
from 0, < 2.4.10-10+deb8u8
HIGH7.5A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash…
from 0, < 2.4.25-4
HIGH7.5The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token(…
from 0, < 2.4.25-4
HIGH7.5The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restric…
from 0, < 2.4.25-1
HIGH7.5The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient requ…
from 0, < 2.4.23-1
HIGH7.5mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumpt…
from 0, < 2.0.42-1
HIGH7.4Apache HTTP Server: mod_ssl TLS upgrade attack
from 0, < 2.4.65-1~deb11u1
HIGH7.3Apache HTTP Server: mod_http2 memory corruption when file handles exhausted
from 0
HIGH7.3Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp
from 0
HIGH7.3Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`
from 0
HIGH7.3Apache HTTP Server: mod_md unrestricted OCSP response
from 0, < 2.4.67-1~deb11u1
HIGH7.3Apache HTTP Server: HTTP response splitting
from 0, < 2.4.59-1~deb11u1
HIGH7.3apache2 - security update
from 0, < 2.4.38-3+deb10u5
HIGH7.3apache2 - security update
from 0, < 2.4.46-6
HIGH7.2In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol…
from 0, < 2.4.41-1
MEDIUM6.5Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash
from 0
MEDIUM6.5Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line
from 0, < 2.4.67-1~deb11u1
MEDIUM6.5Apache HTTP Server: CGI environment variable override
from 0, < 2.4.66-1~deb11u1
MEDIUM6.3Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
from 0, < 2.4.65-1
MEDIUM6.3Apache HTTP Server: HTTP Response Splitting in multiple modules
from 0, < 2.4.59-1~deb11u1
MEDIUM6.2Apache HTTP Server: source code disclosure with handlers configured via AddType
from 0, < 2.4.61-1
MEDIUM6.1Apache HTTP Server: mod_proxy_ftp XSS
from 0
MEDIUM6.1apache2 - security update
from 0, < 2.4.25-3+deb9u10
MEDIUM6.1apache2 - security update
from 0, < 2.4.43-1
MEDIUM6.1apache2 - security update
from 0, < 2.4.41-1
MEDIUM6.1apache2 - security update
from 0, < 2.4.10-10+deb8u15
MEDIUM6.1apache2 - security update
from 0, < 2.4.25-3+deb9u9
MEDIUM6.1In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by e…
from 0, < 2.4.41-1
MEDIUM6.1Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir.
from 0, < 2.4.25-1
MEDIUM6.1Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated…
from 0, < 2.2.6-1
MEDIUM5.9Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST
from 0, < 2.4.59-1~deb11u1
MEDIUM5.9In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CP…
from 0, < 2.4.35-1
MEDIUM5.9When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer p…
from 0, < 2.4.33-1
MEDIUM5.9A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size l…
from 0, < 2.4.33-1
MEDIUM5.9The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single…
from 0, < 2.4.20-1
MEDIUM5.5Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules
from 0
MEDIUM5.4Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
from 0, < 2.4.66-1~deb11u1
MEDIUM5.4apache2 - security update
from 0, < 2.4.61-1~deb11u1
MEDIUM5.4apache2 - security update
from 0, < 2.4.61-1~deb11u1
MEDIUM5.3Apache HTTP Server: mod_authn_socache crash
from 0, < 2.4.67-1~deb11u1
MEDIUM5.3Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
from 0, < 2.4.67-1~deb11u1
MEDIUM5.3Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
from 0, < 2.4.67-1~deb11u1
MEDIUM5.3Apache HTTP Server: source code disclosure with handlers configured via AddType
from 0, < 2.4.62-1~deb11u1
MEDIUM5.3Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting
from 0, < 2.4.56-1~deb11u1
MEDIUM5.3read beyond bounds via ap_rwrite()
from 0, < 2.4.54-1~deb11u1
MEDIUM5.3Unexpected URL matching with 'MergeSlashes OFF'
from 0, < 2.4.46-6
MEDIUM5.3apache2 - security update
from 0, < 2.4.48-2
MEDIUM5.3apache2 - security update
from 0, < 2.4.59-1~deb10u1
MEDIUM5.3IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_re…
from 0, < 2.4.25-1
MEDIUM5.3In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
from 0, < 2.4.43-1
MEDIUM5.3A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38.
from 0, < 2.4.38-3
MEDIUM5.3A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38.
from 0, < 2.4.38-3
MEDIUM5.3apache2 - security update
from 0, < 2.4.25-3+deb9u7
MEDIUM5.3apache2 - security update
from 0, < 2.4.38-1
MEDIUM5.3In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the def…
from 0, < 2.4.33-1
MEDIUM4.8Apache HTTP Server: mod_auth_digest timing attack
from 0, < 2.4.67-1~deb11u1
MEDIUM4.2A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38.
from 0, < 2.4.38-3
—The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require direc…
from 0, < 2.4.16-1
—apache2 - security update
from 0, < 2.2.16-6+squeeze15
—apache2 - security update
from 0, < 2.2.22-13+deb7u5
—apache2 - security update
from 0, < 2.4.16-1
—The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to…
from 0, < 2.4.10-10
—mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which t…
from 0, < 2.4.10-9
—The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers…
from 0, < 2.4.10-8
—The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows r…
from 0, < 2.4.10-3
—The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a den…
from 0, < 2.4.10-1
—Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-…
from 0, < 2.4.10-1
—apache2 - security update
from 0, < 2.4.10-1
—apache2 - security update
from 0, < 2.2.22-13+deb7u3
—The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a den…
from 0, < 2.4.10-1
—The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forw…
from 0, < 2.4.7-1
—apache2 - security update
from 0, < 2.2.16-6+squeeze14
—apache2 - security update
from 0, < 2.4.10-2
—The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to…
from 0, < 2.4.9-1
—apache2 - security update
from 0, < 2.2.16-6+squeeze13
—apache2 - security update
from 0, < 2.4.9-1
—mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without…
from 0, < 2.4.6-1
—mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attacke…
from 0, < 2.4.6-1
—mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-prin…
from 0, < 2.4.1-1
—The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 fo…
from 0, < 2.2.22-13
—Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in th…
from 0, < 2.2.22-13
—apache2 - several
from 0, < 2.2.16-6+squeeze11
—apache2 - several
from 0, < 2.2.22-13
—apache2 - several
from 0, < 2.2.22-1
—apache2 - several
from 0, < 2.2.16-6+squeeze10
—nginx - information leak
from 0, < 2.2.22-12
—Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in…
from 0, < 2.2.22-8
—apache2 - insecure default configuration
from 0, < 2.2.22-4
—apache2 - insecure default configuration
from 0, < 2.2.16-6+squeeze7
—protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request…
from 0, < 2.2.22-1
—The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded M…
from 0, < 2.2.22-1
—scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdow…
from 0, < 2.2.22-1
—The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demon…
from 0, < 2.2.15-3
—The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179…
from 0, < 2.2.21-3
—The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, d…
from 0, < 2.2.18-1
—The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif mod…
from 0, < 2.4.1-1
—Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when…
from 0, < 2.2.21-4
—apache2 - multiple issues
from 0, < 2.2.16-6+squeeze6
—apache2 - multiple issues
from 0, < 2.2.21-2
—The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remot…
from 0, < 2.2.21-1
—apache2 - denial of service
from 0, < 2.2.19-2
—apache2 - denial of service
from 0, < 2.2.9-10+lenny10
—apache2 - failure to drop root privileges
from 0, < 2.2.16-6+squeeze1
—apache2 - failure to drop root privileges
from 0, < 2.2.17-2
—apr-util - denial of service
from 0, < 2.2.16-3
—mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when readin…
from 0, < 2.2.9-10
—The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service…
from 0, < 2.2.16-1
—The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not…
from 0, < 2.2.15-1
—apache2 - several issues
from 0, < 2.2.15-1
—apache2 - several issues
from 0, < 2.2.9-10+lenny7
—The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text int…
from 0
—The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether…
from 0
—The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary comman…
from 0, < 2.2.13-2
—apache2 - several issues
from 0, < 2.2.13-2
—apache2 - several issues
from 0, < 2.2.3-4+etch11
—The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connect…
from 0, < 2.2.11-7
—apache2 apache2-mpm-itk - denial of service
from 0, < 2.2.3-4+etch9
—apache2 apache2-mpm-itk - denial of service
from 0, < 2.2.11-7
—apache2 apache2-mpm-itk - privilege escalation
from 0, < 2.2.3-4+etch8
—apache2 apache2-mpm-itk - privilege escalation
from 0, < 2.2.11-6
—mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, int…
from 0, < 2.2.11-4
—Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in th…
from 0, < 2.2.9-7
—apache2 - denial of service (memory leak in mod_ssl)
from 0, < 2.2.8-4~lenny1
—apache2 - denial of service (memory leak in mod_ssl)
from 0, < 2.2.8-4
—The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not…
from 0, < 2.2.9-1
—Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF…
from 0, < 2.2.8-1
—CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earl…
from 0
—Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0…
from 0, < 2.2.22-8
—mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allow…
from 0, < 2.2.8-1
—Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote at…
from 0, < 2.2.9-1
—Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows rem…
from 0, < 2.2.8-1
—The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module…
from 0, < 2.2.8-1
—Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 thro…
from 0, < 2.2.8-1
—Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.6…
from 0, < 2.2.8-1
—Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "…
from 0, < 2.2.6-3
—The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers t…
from 0, < 2.2.6-1
—cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is…
from 0, < 2.2.4-1
—Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is ena…
from 0, < 2.2.4-2
—Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences exec…
from 0
—Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker…
from 0, < 2.2.4-2
—suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local…
from 0
—suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document roo…
from 0, < 2.2.8-5
—Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local…
from 0, < 2.2.8-5
—The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of servi…
from 0
—apache2 - buffer overflow
from 0, < 2.0.55-4.1
—apache2 - buffer overflow
from 0, < 2.0.54-5sarge1
—http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before…
from 0, < 2.0.55-4.1
—mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote…
from 0, < 2.0.55-4
—apache - missing input sanitising
from 0, < 2.0.55-4
—Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memo…
from 0, < 2.0.55-1
—libapache-mod-ssl - acl restriction bypass
from 0, < 2.0.54-5
—The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP hea…
from 0, < 2.0.54-5
—apache2 - several
from 0, < 2.0.54-5
—apache2 - several
from 0, < 2.0.54-5
—apache - programming error
from 0, < 2.0.54-5
—Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument.
from 0, < 2.0.54-3
—Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a M…
from 0, < 2.0.52-2
—Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to res…
from 0, < 2.0.52
—The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remo…
from 0, < 2.0.52-2
—The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (ch…
from 0, < 2.0.51
—The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers t…
from 0, < 2.0.50-11
—mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection i…
from 0, < 2.0.51
—libapache-mod-dav - null pointer dereference
from 0, < 2.0.51-1
—The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and…
from 0, < 2.0.50-1
—libapache-mod-ssl - several vulnerabilities
from 0, < 2.0.50-1
—Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumpti…
from 0, < 2.0.52
—mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allo…
from 0, < 2.0.53-1
—The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process g…
from 0
—mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send…
from 0, < 2.0.48
—Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration…
from 0, < 2.0.48
—Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegoti…
from 0, < 2.0.47
—Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when…
from 0, < 2.0.47
—The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
from 0, < 2.0.47
—The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt…
from 0, < 2.0.46
—Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote atta…
from 0, < 2.0.46
—A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of li…
from 0, < 2.0.45
—Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of s…
from 0, < 2.0.46
—Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could m…
from 0, < 2.0.46
—Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences in…
from 0, < 2.0.49
—Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI en…
from 0, < 2.0.43
—Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalNa…
from 0, < 2.0.43-1
—mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a n…
from 0, < 2.0.42
—Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a reque…
from 0, < 2.0.40
—Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files…
from 0, < 2.0.40
—Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitra…
from 0, < 2.0.37
—The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that…
from 0, < 2.0.36
—mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, system time a…
from 0