Filtered by vendor Apache Subscriptions
Filtered by product Http Server Subscriptions
Total 306 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-38709 2 Apache, Redhat 3 Http Server, Enterprise Linux, Jboss Core Services 2024-11-05 7.3 High
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
CVE-2024-38476 3 Apache, Netapp, Redhat 9 Http Server, Clustered Data Ontap, Enterprise Linux and 6 more 2024-10-29 9.8 Critical
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVE-2023-27522 4 Apache, Debian, Redhat and 1 more 6 Http Server, Debian Linux, Enterprise Linux and 3 more 2024-10-23 7.5 High
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
CVE-2023-45802 4 Apache, Debian, Fedoraproject and 1 more 6 Http Server, Debian Linux, Fedora and 3 more 2024-10-15 5.9 Medium
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
CVE-2023-43622 2 Apache, Redhat 2 Http Server, Enterprise Linux 2024-09-17 7.5 High
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
CVE-2023-31122 3 Apache, Fedoraproject, Redhat 4 Http Server, Fedora, Enterprise Linux and 1 more 2024-09-17 7.5 High
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.
CVE-2012-4001 2 Apache, Google 2 Http Server, Mod Pagespeed 2024-09-17 N/A
The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
CVE-2018-1333 4 Apache, Canonical, Netapp and 1 more 7 Http Server, Ubuntu Linux, Cloud Backup and 4 more 2024-09-17 N/A
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
CVE-2017-15710 5 Apache, Canonical, Debian and 2 more 10 Http Server, Ubuntu Linux, Debian Linux and 7 more 2024-09-17 N/A
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.
CVE-2002-2103 1 Apache 1 Http Server 2024-09-17 N/A
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
CVE-2001-1534 1 Apache 1 Http Server 2024-09-17 N/A
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
CVE-2018-1302 4 Apache, Canonical, Netapp and 1 more 7 Http Server, Ubuntu Linux, Clustered Data Ontap and 4 more 2024-09-17 N/A
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
CVE-2018-11763 5 Apache, Canonical, Netapp and 2 more 11 Http Server, Ubuntu Linux, Storage Automation Store and 8 more 2024-09-17 N/A
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2017-15715 5 Apache, Canonical, Debian and 2 more 10 Http Server, Ubuntu Linux, Debian Linux and 7 more 2024-09-17 N/A
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.
CVE-2018-1303 5 Apache, Canonical, Debian and 2 more 10 Http Server, Ubuntu Linux, Debian Linux and 7 more 2024-09-17 N/A
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.
CVE-2013-0941 3 Apache, Microsoft, Rsa 7 Http Server, Internet Information Server, Windows and 4 more 2024-09-17 N/A
EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
CVE-2018-17189 7 Apache, Canonical, Debian and 4 more 14 Http Server, Ubuntu Linux, Debian Linux and 11 more 2024-09-17 5.3 Medium
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.
CVE-2002-2029 1 Apache 1 Http Server 2024-09-17 N/A
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
CVE-2003-1580 1 Apache 1 Http Server 2024-09-17 N/A
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVE-2019-0190 3 Apache, Openssl, Oracle 6 Http Server, Openssl, Enterprise Manager Ops Center and 3 more 2024-09-16 7.5 High
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.