Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Http_server
(Apache)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 281 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-03-09 | CVE-2016-8612 | Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. | Http_server, Storage_automation_store, Enterprise_linux | 4.3 | ||
| 2018-07-26 | CVE-2017-12171 | A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. | Http_server, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 1996-12-10 | CVE-1999-0045 | List of arbitrary files on Web host via nph-test-cgi script. | Http_server, Commerce_server, Communications_server, Enterprise_server | N/A | ||
| 1997-01-01 | CVE-1999-0236 | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | Http_server, Ncsa_httpd | 7.5 | ||
| 1997-09-01 | CVE-1999-0071 | Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. | Http_server | N/A | ||
| 1997-12-30 | CVE-1999-0107 | Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. | Http_server | N/A | ||
| 1999-12-12 | CVE-1999-0289 | The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | Http_server | N/A | ||
| 2022-06-09 | CVE-2022-28330 | Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. | Http_server | 5.3 | ||
| 1999-06-03 | CVE-1999-1412 | A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | Http_server, Macos | N/A | ||
| 2001-12-31 | CVE-2001-1534 | mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. | Http_server | N/A |