Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Http_server
(Apache)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 281 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-12-29 | CVE-2014-8109 | mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and... | Http_server, Ubuntu_linux, Fedora, Enterprise_manager_ops_center | N/A | ||
| 2018-03-09 | CVE-2016-8612 | Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. | Http_server, Storage_automation_store, Enterprise_linux | 4.3 | ||
| 2018-07-26 | CVE-2017-12171 | A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. | Http_server, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 1996-12-10 | CVE-1999-0045 | List of arbitrary files on Web host via nph-test-cgi script. | Http_server, Commerce_server, Communications_server, Enterprise_server | N/A | ||
| 1997-01-01 | CVE-1999-0236 | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | Http_server, Ncsa_httpd | 7.5 | ||
| 1997-09-01 | CVE-1999-0071 | Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. | Http_server | N/A | ||
| 1997-12-30 | CVE-1999-0107 | Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. | Http_server | N/A | ||
| 1999-12-12 | CVE-1999-0289 | The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | Http_server | N/A | ||
| 2022-06-09 | CVE-2022-28330 | Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. | Http_server | 5.3 | ||
| 1999-06-03 | CVE-1999-1412 | A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | Http_server, Macos | N/A |