Product:

Http_server

(Oracle)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 66
Date Id Summary Products Score Patch Annotated
2020-01-15 CVE-2020-2545 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3... Http_server 5.3
2022-03-14 CVE-2022-23943 Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Http_server, Debian_linux, Fedora, Http_server, Zfs_storage_appliance_kit 9.8
2022-02-09 CVE-2022-0391 A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. Fedora, Active_iq_unified_manager, Hci, Hci_compute_node, Management_services_for_element_software, Ontap_select_deploy_administration_utility, Solidfire\,_enterprise_sds_\&_hci_storage_node, Http_server, Zfs_storage_appliance_kit, Python 7.5
2021-12-13 CVE-2021-43818 lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. Debian_linux, Fedora, Lxml, Hci_storage_node_firmware, Solidfire, Solidfire_enterprise_sds, Http_server, Zfs_storage_appliance_kit 7.1
2021-09-16 CVE-2021-34798 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Http_server, Instantis_enterprisetrack, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit, Tenable\.sc 7.5
2021-09-16 CVE-2021-40438 A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Http_server, Debian_linux, F5os, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Http_server, Instantis_enterprisetrack 9.0
2022-02-16 CVE-2022-25235 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit 9.8
2022-02-16 CVE-2022-25236 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. Debian_linux, Libexpat, Http_server, Zfs_storage_appliance_kit 9.8
2022-02-18 CVE-2022-25313 In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit 6.5
2022-02-18 CVE-2022-25314 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit 7.5