Jul, 2024 | CVE-2024-40725 | Apache HTTP Server: source code disclosure with handlers configured via AddType | 48,035 |
Jul, 2024 | CVE-2024-40898 | Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows | 2,119,935 |
Jul, 2024 | CVE-2024-39884 | Apache HTTP Server: source code disclosure with handlers configured via AddType | 899 |
Jul, 2024 | CVE-2024-38472 | Apache HTTP Server on WIndows UNC SSRF | 2,071,900 |
Jul, 2024 | CVE-2024-38473 | Apache HTTP Server proxy encoding problem | 2,071,900 |
Jul, 2024 | CVE-2024-38474 | Apache HTTP Server weakness with encoded question marks in backreferences | 2,071,900 |
Jul, 2024 | CVE-2024-38475 | Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. | 2,071,900 |
Jul, 2024 | CVE-2024-38476 | Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect | 2,071,900 |
Jul, 2024 | CVE-2024-38477 | Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request | 2,071,900 |
Jul, 2024 | CVE-2024-39573 | Apache HTTP Server: mod_rewrite proxy handler substitution | 2,071,900 |
Apr, 2024 | CVE-2023-38709 | Apache HTTP Server: HTTP response splitting | 2,438,659 |
Apr, 2024 | CVE-2024-24795 | Apache HTTP Server: HTTP Response Splitting in multiple modules | 1,956,670 |
Apr, 2024 | CVE-2024-27316 | Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames | 1,277,401 |
Oct, 2023 | CVE-2023-31122 | Apache HTTP Server: mod_macro buffer over-read | 2,376,473 |
Oct, 2023 | CVE-2023-43622 | Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 | 141,469 |
Oct, 2023 | CVE-2023-45802 | Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST | 1,215,215 |
Mar, 2023 | CVE-2023-25690 | Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy | 1,762,013 |
Mar, 2023 | CVE-2023-27522 | Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting | 704,043 |
Jan, 2023 | CVE-2006-20001 | Apache HTTP Server: mod_dav out of bounds read, or write of zero byte | 1,753,014 |
Jan, 2023 | CVE-2022-36760 | Apache HTTP Server: mod_proxy_ajp Possible request smuggling | 1,753,014 |
Jan, 2023 | CVE-2022-37436 | Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting | 2,235,004 |
Jun, 2022 | CVE-2022-28330 | read beyond bounds in mod_isapi | 2,168,026 |
Jun, 2022 | CVE-2022-28614 | read beyond bounds via ap_rwrite() | 2,185,266 |
Jun, 2022 | CVE-2022-28615 | Read beyond bounds in ap_strcmp_match() | 2,168,026 |
Jun, 2022 | CVE-2022-29404 | Denial of service in mod_lua r:parsebody | 2,185,266 |
Jun, 2022 | CVE-2022-30522 | mod_sed denial of service | 17,240 |
Jun, 2022 | CVE-2022-31813 | mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism | 2,168,026 |
Mar, 2022 | CVE-2022-22719 | mod_lua Use of uninitialized value of in r:parsebody | 2,019,392 |
Mar, 2022 | CVE-2022-22720 | HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier | 2,019,392 |
Mar, 2022 | CVE-2022-23943 | mod_sed: Read/write beyond bounds | 1,686,036 |
Dec, 2021 | CVE-2021-44790 | Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier | 2,006,326 |
Oct, 2021 | CVE-2021-41524 | null pointer dereference in h2 fuzzing | 647 |
Sep, 2021 | CVE-2021-34798 | NULL pointer dereference in httpd core | 1,986,539 |
Sep, 2021 | CVE-2021-39275 | ap_escape_quotes buffer overflow | 1,986,539 |
Sep, 2021 | CVE-2021-40438 | mod_proxy SSRF | 1,986,539 |
Jun, 2021 | CVE-2021-31618 | NULL pointer dereference on specially crafted HTTP/2 request | 282 |
Jun, 2021 | CVE-2019-17567 | mod_proxy_wstunnel tunneling of non Upgraded connections | 1,455,698 |
Jun, 2021 | CVE-2020-13938 | Improper Handling of Insufficient Privileges | 1,504,047 |
Jun, 2021 | CVE-2020-13950 | mod_proxy_http NULL pointer dereference | 247,492 |
Jun, 2021 | CVE-2020-35452 | mod_auth_digest possible stack overflow by one nul byte | 1,504,047 |
Jun, 2021 | CVE-2021-26690 | mod_session NULL pointer dereference | 1,504,047 |
Jun, 2021 | CVE-2021-26691 | Apache HTTP Server mod_session response handling heap overflow | 1,504,047 |
Jun, 2021 | CVE-2021-30641 | Unexpected URL matching with 'MergeSlashes OFF' | 265,838 |
Apr, 2019 | CVE-2019-0215 | In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location clien... | 166,164 |
Jan, 2019 | CVE-2018-17189 | In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to pl... | 1,554,223 |
Mar, 2018 | CVE-2018-1301 | A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due t... | 1,539,959 |
Mar, 2018 | CVE-2018-1302 | When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4... | 1,539,959 |
Mar, 2018 | CVE-2018-1303 | A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2... | 1,539,959 |
Jul, 2017 | CVE-2017-9789 | When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would s... | 1,855 |
Jun, 2017 | CVE-2017-7668 | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token li... | 1,537 |
Jul, 2015 | CVE-2015-3183 | The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly... | 1,158,689 |
Mar, 2015 | CVE-2015-0228 | The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server thr... | 1,158,667 |
Dec, 2014 | CVE-2014-3583 | The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Serv... | 1,073,560 |
Oct, 2014 | CVE-2014-3581 | The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Ap... | 1,155,834 |
Jul, 2014 | CVE-2013-4352 | The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache... | 530,359 |
Jul, 2014 | CVE-2014-0231 | The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which... | 1,073,560 |
Apr, 2014 | CVE-2013-5704 | The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHe... | 347,021 |
Mar, 2014 | CVE-2013-6438 | The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before... | 1,071,266 |
Mar, 2014 | CVE-2014-0098 | The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server b... | 1,071,266 |
Jul, 2013 | CVE-2013-2249 | mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with... | 530,338 |
Jul, 2013 | CVE-2013-1896 | mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled... | 432,967 |
Apr, 2012 | CVE-2012-0883 | envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name... | 527,125 |
Jan, 2012 | CVE-2012-0031 | scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial ... | 344,051 |
Sep, 2011 | CVE-2011-3348 | The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer ... | 344,051 |
Sep, 2009 | CVE-2009-3095 | The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access... | 3,449,155 |
Jul, 2009 | CVE-2009-1890 | The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server... | 481,989 |
Apr, 2009 | CVE-2009-1191 | mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers... | 188,263 |
Jan, 2008 | CVE-2007-6420 | Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Ap... | 89,358 |
Sep, 2007 | CVE-2007-4465 | Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, ... | 155,121 |
Sep, 2004 | CVE-2003-0016 | Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote a... | 71,357 |
Jul, 2003 | CVE-2003-0460 | The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly igno... | 3,250 |
Jun, 2002 | CVE-2001-1342 | Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of servic... | 957 |