pkg:Debian/apache2
288 total CVEs | CRITICAL 32 | HIGH 87 | MEDIUM 39
All known vulnerabilities
- CRITICAL 9.8 | CVE-2021-42013 | ⚠ KEV | Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | from 0, < 2.4.51-1
- CRITICAL 9.8 | CVE-2021-41773 | ⚠ KEV | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | from 0, < 2.4.50-1
- CRITICAL 9.1 | CVE-2024-38475 | ⚠ KEV | Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. | from 0, < 2.4.61-1~deb11u1
- from 0, < 2.4.51-1~deb11u1
- from 0, < 2.4.38-3
- CRITICAL 9.8 | CVE-2026-28780 | Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() | from 0, < 2.4.67-1~deb11u1
- CRITICAL 9.8 | CVE-2024-38476 | Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect | from 0, < 2.4.61-1~deb11u1
- from 0, < 2.4.61-1~deb11u1
- from 0, < 2.4.38-3+deb10u10
- from 0, < 2.4.56-1~deb11u1
- from 0, < 2.4.54-1~deb11u1
- from 0, < 2.2.14-2
- from 0, < 2.4.53-1~deb11u1
- CRITICAL 9.8 | CVE-2022-22720 | HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier | from 0, < 2.4.53-1~deb11u1
- CRITICAL 9.8 | CVE-2021-44790 | Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier | from 0, < 2.4.52-1~deb11u2
- from 0, < 2.4.51-1~deb11u1
- from 0, < 2.4.46-6
- from 0, < 2.4.46-1
- from 0, < 2.4.38-3+deb10u4
- CRITICAL 9.8 | CVE-2018-1312 | In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not c… | from 0, < 2.4.33-1
- CRITICAL 9.8 | CVE-2017-7679 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious C… | from 0, < 2.4.25-4
- CRITICAL 9.8 | CVE-2017-3169 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_p… | from 0, < 2.4.25-4
- from 0, < 2.2.22-13+deb7u9
- from 0, < 2.4.25-4
- from 0, < 2.4.10-10+deb8u9
- from 0, < 2.4.65-1~deb11u1
- from 0, < 2.4.54-1~deb11u1
- CRITICAL 9.1 | CVE-2022-22721 | core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody | from 0, < 2.4.53-1~deb11u1
- CRITICAL 9.1 | CVE-2019-10082 | In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed… | from 0, < 2.4.41-1
- from 0, < 2.2.22-13+deb7u10
- from 0, < 2.4.10-10+deb8u10
- from 0, < 2.4.27-1
- from 0, < 2.4.56-1~deb11u1
- from 0, < 2.4.67-1~deb12u2
- from 0, < 2.4.67-1~deb11u1
- from 0, < 2.4.66-1~deb11u1
- HIGH 8.2 | CVE-2021-44224 | Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier | from 0, < 2.4.52-1~deb11u2
- HIGH 8.2 | CVE-2021-44224 | Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier | from 0, < 2.4.25-3+deb9u12
- HIGH 8.2 | CVE-2021-44224 | Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier | from 0, < 2.4.38-3+deb10u7
- from 0, < 2.4.61-1~deb11u1
- HIGH 8.1 | CVE-2017-15715 | In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, r… | from 0, < 2.4.33-1
- from 0, < 2.2.22-13+deb7u7
- from 0, < 2.4.23-2
- from 0, < 2.4.10-10+deb8u5
- HIGH 7.8 | CVE-2004-0747 | Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow dur… | from 0, < 2.0.51
- from 0, < 2.4.67-1~deb11u1
- HIGH 7.5 | CVE-2026-34059 | Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data() | from 0, < 2.4.67-1~deb11u1
- from 0, < 2.4.66-1~deb11u1
- from 0, < 2.4.66-1~deb11u1
- from 0, < 2.4.66-1~deb11u1
- from 0, < 2.4.65-1~deb11u1
- from 0, < 2.4.65-1~deb11u1
- from 0, < 2.4.65-1~deb11u1
- from 0, < 2.4.65-1~deb11u1
- from 0, < 2.4.65-1~deb11u1
- from 0, < 2.4.65-1~deb11u1
- from 0, < 2.4.65-1~deb11u1
- from 0, < 2.4.61-1~deb11u1
- HIGH 7.5 | CVE-2024-38477 | Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request | from 0, < 2.4.61-1~deb11u1
- HIGH 7.5 | CVE-2024-27316 | Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames | from 0, < 2.4.59-1~deb11u1
- from 0, < 2.4.59-1~deb11u1
- from 0, < 2.4.59-1~deb11u1
- from 0, < 2.4.59-1~deb11u1
- from 0, < 2.4.56-1~deb11u1
- from 0, < 2.4.38-3+deb10u9
- from 0, < 2.4.56-1~deb11u1
- from 0, < 2.4.56-1~deb11u1
- from 0, < 2.4.54-1~deb11u1
- from 0, < 2.4.54-1~deb11u1
- from 0, < 2.4.54-1~deb11u1
- from 0, < 2.4.54-1~deb11u1
- from 0, < 2.4.25-3+deb9u13
- from 0, < 2.4.53-1~deb11u1
- from 0, < 2.4.50-1
- from 0, < 2.4.51-1~deb11u1
- from 0, < 2.4.51-1~deb11u1
- from 0, < 2.4.25-3+deb9u11
- from 0, < 2.4.38-3+deb10u6
- from 0, < 2.4.48-3.1+deb11u1
- from 0, < 2.4.46-5
- from 0, < 2.4.46-6
- from 0, < 2.4.46-6
- from 0, < 2.4.46-1
- HIGH 7.5 | CVE-2020-11993 | Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, loggi… | from 0, < 2.4.46-1
- from 0, < 2.4.41-1
- from 0, < 2.4.25-3+deb9u8
- HIGH 7.5 | CVE-2019-9517 | Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. | from 0, < 2.4.41-1
- from 0, < 2.4.10-10+deb8u14
- from 0, < 2.4.38-3
- HIGH 7.5 | CVE-2019-0215 | In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3… | from 0, < 2.4.38-3
- from 0, < 2.4.38-1
- from 0, < 2.4.38-1
- from 0, < 2.4.10-10+deb8u13
- HIGH 7.5 | CVE-2018-8011 | By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. | from 0, < 2.4.34-1
- HIGH 7.5 | CVE-2018-1333 | By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a deni… | from 0, < 2.4.34-1
- HIGH 7.5 | CVE-2018-1303 | A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while… | from 0, < 2.4.33-1
- from 0, < 2.4.33-1
- from 0, < 2.2.22-13+deb7u13
- from 0, < 2.4.10-10+deb8u12
- from 0, < 2.2.22-13+deb7u12
- from 0, < 2.4.27-6
- from 0, < 2.4.10-10+deb8u11
- from 0, < 2.2.22-13+deb7u11
- from 0, < 2.4.25-1
- from 0, < 2.2.22-13+deb7u8
- HIGH 7.5 | CVE-2016-2161 | In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continu… | from 0, < 2.4.25-1
- from 0, < 2.4.25-1
- from 0, < 2.4.10-10+deb8u8
- HIGH 7.5 | CVE-2017-7659 | A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash… | from 0, < 2.4.25-4
- HIGH 7.5 | CVE-2017-7668 | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token(… | from 0, < 2.4.25-4
- HIGH 7.5 | CVE-2016-8740 | The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restric… | from 0, < 2.4.25-1
- HIGH 7.5 | CVE-2016-4979 | The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient requ… | from 0, < 2.4.23-1
- HIGH 7.5 | CVE-2002-1850 | mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumpt… | from 0, < 2.0.42-1
- from 0, < 2.4.65-1~deb11u1
- from 0, < 2.4.67-1~deb11u1
- from 0, < 2.4.59-1~deb11u1
- from 0, < 2.4.38-3+deb10u5
- from 0, < 2.4.46-6
- HIGH 7.2 | CVE-2019-10097 | In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol… | from 0, < 2.4.41-1
- MEDIUM 6.5 | CVE-2026-33523 | Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line | from 0, < 2.4.67-1~deb11u1
- from 0, < 2.4.66-1~deb11u1
- from 0, < 2.4.65-1
- from 0, < 2.4.59-1~deb11u1
- MEDIUM 6.2 | CVE-2024-39884 | Apache HTTP Server: source code disclosure with handlers configured via AddType | from 0, < 2.4.61-1
- from 0, < 2.4.25-3+deb9u10
- from 0, < 2.4.43-1
- from 0, < 2.4.25-3+deb9u9
- from 0, < 2.4.41-1
- from 0, < 2.4.10-10+deb8u15
- MEDIUM 6.1 | CVE-2019-10098 | In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by e… | from 0, < 2.4.41-1
- MEDIUM 6.1 | CVE-2016-4975 | Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. | from 0, < 2.4.25-1
- MEDIUM 6.1 | CVE-2007-4465 | Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated… | from 0, < 2.2.6-1
- from 0, < 2.4.59-1~deb11u1
- MEDIUM 5.9 | CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CP… | from 0, < 2.4.35-1
- MEDIUM 5.9 | CVE-2018-1302 | When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer p… | from 0, < 2.4.33-1
- MEDIUM 5.9 | CVE-2018-1301 | A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size l… | from 0, < 2.4.33-1
- MEDIUM 5.9 | CVE-2016-1546 | The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single… | from 0, < 2.4.20-1
- from 0, < 2.4.66-1~deb11u1
- from 0, < 2.4.61-1~deb11u1
- from 0, < 2.4.61-1~deb11u1
- from 0, < 2.4.67-1~deb11u1
- MEDIUM 5.3 | CVE-2026-34032 | Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) | from 0, < 2.4.67-1~deb11u1
- from 0, < 2.4.67-1~deb11u1
- MEDIUM 5.3 | CVE-2024-40725 | Apache HTTP Server: source code disclosure with handlers configured via AddType | from 0, < 2.4.62-1~deb11u1
- MEDIUM 5.3 | CVE-2022-37436 | Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting | from 0, < 2.4.56-1~deb11u1
- from 0, < 2.4.54-1~deb11u1
- from 0, < 2.4.46-6
- from 0, < 2.4.59-1~deb10u1
- from 0, < 2.4.48-2
- MEDIUM 5.3 | CVE-2020-11985 | IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_re… | from 0, < 2.4.25-1
- MEDIUM 5.3 | CVE-2020-1934 | In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | from 0, < 2.4.43-1
- from 0, < 2.4.38-3
- from 0, < 2.4.38-3
- from 0, < 2.4.38-1
- from 0, < 2.4.25-3+deb9u7
- MEDIUM 5.3 | CVE-2018-1283 | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the def… | from 0, < 2.4.33-1
- from 0, < 2.4.67-1~deb11u1
- from 0, < 2.4.38-3
- — | CVE-2015-3185 | The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require direc… | from 0, < 2.4.16-1
- from 0, < 2.4.16-1
- from 0, < 2.2.16-6+squeeze15
- from 0, < 2.2.22-13+deb7u5
- — | CVE-2015-0228 | The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to… | from 0, < 2.4.10-10
- — | CVE-2014-8109 | mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which t… | from 0, < 2.4.10-9
- — | CVE-2014-3583 | The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers… | from 0, < 2.4.10-8
- — | CVE-2014-3581 | The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows r… | from 0, < 2.4.10-3
- — | CVE-2014-0231 | The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a den… | from 0, < 2.4.10-1
- — | CVE-2014-0226 | Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-… | from 0, < 2.4.10-1
- from 0, < 2.4.10-1
- from 0, < 2.2.22-13+deb7u3
- — | CVE-2014-0117 | The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a den… | from 0, < 2.4.10-1
- — | CVE-2013-4352 | The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forw… | from 0, < 2.4.7-1
- from 0, < 2.2.16-6+squeeze14
- from 0, < 2.4.10-2
- — | CVE-2014-0098 | The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to… | from 0, < 2.4.9-1
- from 0, < 2.4.9-1
- from 0, < 2.2.16-6+squeeze13
- — | CVE-2013-2249 | mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without… | from 0, < 2.4.6-1
- — | CVE-2013-1896 | mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attacke… | from 0, < 2.4.6-1
- — | CVE-2013-1862 | mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-prin… | from 0, < 2.4.1-1
- — | CVE-2013-1048 | The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 fo… | from 0, < 2.2.22-13
- — | CVE-2012-4558 | Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in th… | from 0, < 2.2.22-13
- from 0, < 2.2.22-13
- from 0, < 2.2.16-6+squeeze11
- from 0, < 2.2.22-1
- from 0, < 2.2.16-6+squeeze10
- from 0, < 2.2.22-12
- — | CVE-2012-2687 | Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in… | from 0, < 2.2.22-8
- from 0, < 2.2.16-6+squeeze7
- from 0, < 2.2.22-4
- — | CVE-2012-0053 | protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request… | from 0, < 2.2.22-1
- — | CVE-2012-0021 | The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded M… | from 0, < 2.2.22-1
- — | CVE-2012-0031 | scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdow… | from 0, < 2.2.22-1
- — | CVE-2007-6750 | The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demon… | from 0, < 2.2.15-3
- — | CVE-2011-4317 | The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179… | from 0, < 2.2.21-3
- — | CVE-2011-3639 | The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, d… | from 0, < 2.2.18-1
- — | CVE-2011-4415 | The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif mod… | from 0, < 2.4.1-1
- — | CVE-2011-3607 | Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when… | from 0, < 2.2.21-4
- from 0, < 2.2.16-6+squeeze6
- from 0, < 2.2.21-2
- — | CVE-2011-3348 | The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remot… | from 0, < 2.2.21-1
- from 0, < 2.2.19-2
- from 0, < 2.2.9-10+lenny10
- from 0, < 2.2.17-2
- from 0, < 2.2.16-6+squeeze1
- from 0, < 2.2.16-3
- — | CVE-2010-2791 | mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when readin… | from 0, < 2.2.9-10
- — | CVE-2010-1452 | The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service… | from 0, < 2.2.16-1
- — | CVE-2010-0434 | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not… | from 0, < 2.2.15-1
- from 0, < 2.2.15-1
- from 0, < 2.2.9-10+lenny7
- — | CVE-2003-1581 | The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text int… | from 0
- — | CVE-2003-1580 | The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether… | from 0
- — | CVE-2009-3095 | The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary comman… | from 0, < 2.2.13-2
- from 0, < 2.2.3-4+etch11
- from 0, < 2.2.13-2
- — | CVE-2009-1891 | The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connect… | from 0, < 2.2.11-7
- from 0, < 2.2.11-7
- from 0, < 2.2.3-4+etch9
- from 0, < 2.2.3-4+etch8
- from 0, < 2.2.11-6
- — | CVE-2009-1191 | mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, int… | from 0, < 2.2.11-4
- — | CVE-2008-2939 | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in th… | from 0, < 2.2.9-7
- from 0, < 2.2.8-4
- from 0, < 2.2.8-4~lenny1
- — | CVE-2008-2364 | The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not… | from 0, < 2.2.9-1
- — | CVE-2008-2168 | Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF… | from 0, < 2.2.8-1
- — | CVE-2008-0456 | CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earl… | from 0
- — | CVE-2008-0455 | Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0… | from 0, < 2.2.22-8
- — | CVE-2007-6420 | Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote at… | from 0, < 2.2.9-1
- — | CVE-2008-0005 | mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allow… | from 0, < 2.2.8-1
- — | CVE-2007-6421 | Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows rem… | from 0, < 2.2.8-1
- — | CVE-2007-6422 | The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module… | from 0, < 2.2.8-1
- — | CVE-2007-6388 | Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 thro… | from 0, < 2.2.8-1
- — | CVE-2007-5000 | Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.6… | from 0, < 2.2.8-1
- — | CVE-2007-6203 | Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "… | from 0, < 2.2.6-3
- — | CVE-2007-3847 | The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers t… | from 0, < 2.2.6-1
- — | CVE-2007-1863 | cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is… | from 0, < 2.2.4-1
- — | CVE-2006-5752 | Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is ena… | from 0, < 2.2.4-2
- — | CVE-2007-3303 | Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences exec… | from 0
- — | CVE-2007-3304 | Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker… | from 0, < 2.2.4-2
- — | CVE-2007-1743 | suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local… | from 0
- — | CVE-2007-1742 | suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document roo… | from 0, < 2.2.8-5
- — | CVE-2007-1741 | Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local… | from 0, < 2.2.8-5
- — | CVE-2007-0086 | The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of servi… | from 0
- from 0, < 2.0.54-5sarge1
- from 0, < 2.0.55-4.1
- — | CVE-2006-3918 | http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before… | from 0, < 2.0.55-4.1
- — | CVE-2005-3357 | mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote… | from 0, < 2.0.55-4
- from 0, < 2.0.55-4
- — | CVE-2005-2970 | Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memo… | from 0, < 2.0.55-1
- from 0, < 2.0.54-5
- — | CVE-2005-2728 | The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP hea… | from 0, < 2.0.54-5
- from 0, < 2.0.54-5
- from 0, < 2.0.54-5
- from 0, < 2.0.54-5
- — | CVE-2005-1344 | Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. | from 0, < 2.0.54-3
- — | CVE-2004-0942 | Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a M… | from 0, < 2.0.52-2
- — | CVE-2004-0811 | Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to res… | from 0, < 2.0.52
- — | CVE-2004-0885 | The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remo… | from 0, < 2.0.52-2
- — | CVE-2004-0748 | mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection i… | from 0, < 2.0.51
- — | CVE-2004-0751 | The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers t… | from 0, < 2.0.50-11
- — | CVE-2004-0786 | The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (ch… | from 0, < 2.0.51
- from 0, < 2.0.51-1
- — | CVE-2004-0493 | The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and… | from 0, < 2.0.50-1
- from 0, < 2.0.50-1
- — | CVE-2004-0113 | Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumpti… | from 0, < 2.0.52
- — | CVE-2004-1834 | mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allo… | from 0, < 2.0.53-1
- — | CVE-2003-1307 | The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process g… | from 0
- — | CVE-2003-0789 | mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send… | from 0, < 2.0.48
- — | CVE-2003-0542 | Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration… | from 0, < 2.0.48
- — | CVE-2003-0192 | Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegoti… | from 0, < 2.0.47
- — | CVE-2003-0254 | Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when… | from 0, < 2.0.47
- — | CVE-2003-0253 | The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service. | from 0, < 2.0.47
- — | CVE-2003-0245 | Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote atta… | from 0, < 2.0.46
- — | CVE-2003-0189 | The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt… | from 0, < 2.0.46
- — | CVE-2003-0132 | A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of li… | from 0, < 2.0.45
- — | CVE-2003-0134 | Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of s… | from 0, < 2.0.46
- — | CVE-2003-0083 | Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could m… | from 0, < 2.0.46
- — | CVE-2003-0020 | Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences in… | from 0, < 2.0.49
- — | CVE-2002-1156 | Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI en… | from 0, < 2.0.43
- — | CVE-2002-0840 | Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalNa… | from 0, < 2.0.43-1
- — | CVE-2002-1593 | mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a n… | from 0, < 2.0.42
- — | CVE-2002-0654 | Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a reque… | from 0, < 2.0.40
- — | CVE-2002-0661 | Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files… | from 0, < 2.0.40
- — | CVE-2002-0392 | Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitra… | from 0, < 2.0.37
- — | CVE-2002-1592 | The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that… | from 0, < 2.0.36
- — | CVE-2001-1534 | mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time a… | from 0