Bug | Description |
---|
TEMP-0535886-8B62DC | apache2: htaccess override |
CVE-2024-40898 | SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost ... |
CVE-2024-40725 | A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4 ... |
CVE-2024-39884 | A regression in the core of Apache HTTP Server 2.4.60 ignores some use ... |
CVE-2024-39573 | Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier ... |
CVE-2024-38477 | null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and ... |
CVE-2024-38476 | Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vul ... |
CVE-2024-38475 | Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.5 ... |
CVE-2024-38474 | Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.5 ... |
CVE-2024-38473 | Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier ... |
CVE-2024-38472 | SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM ... |
CVE-2024-36387 | Serving WebSocket protocol upgrades over a HTTP/2 connection could res ... |
CVE-2024-27316 | HTTP/2 incoming headers exceeding the limit are temporarily buffered i ... |
CVE-2024-24795 | HTTP Response splitting in multiple modules in Apache HTTP Server allo ... |
CVE-2023-45802 | When a HTTP/2 stream was reset (RST frame) by a client, there was a ti ... |
CVE-2023-43622 | An attacker, opening a HTTP/2 connection with an initial window size o ... |
CVE-2023-38709 | Faulty input validation in the core of Apache allows malicious or expl ... |
CVE-2023-31122 | Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th ... |
CVE-2023-27522 | HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_pr ... |
CVE-2023-25690 | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 thr ... |
CVE-2022-37436 | Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the ... |
CVE-2022-36760 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ... |
CVE-2022-31813 | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* h ... |
CVE-2022-30556 | Apache HTTP Server 2.4.53 and earlier may return lengths to applicatio ... |
CVE-2022-30522 | If Apache HTTP Server 2.4.53 is configured to do transformations with ... |
CVE-2022-29404 | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua ... |
CVE-2022-28615 | Apache HTTP Server 2.4.53 and earlier may crash or disclose informatio ... |
CVE-2022-28614 | The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may ... |
CVE-2022-28330 | Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bound ... |
CVE-2022-26377 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ... |
CVE-2022-23943 | Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server all ... |
CVE-2022-22721 | If LimitXMLRequestBody is set to allow request bodies larger than 350M ... |
CVE-2022-22720 | Apache HTTP Server 2.4.52 and earlier fails to close inbound connectio ... |
CVE-2022-22719 | A carefully crafted request body can cause a read to a random memory a ... |
CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mo ... |
CVE-2021-44224 | A crafted URI sent to httpd configured as a forward proxy (ProxyReques ... |
CVE-2021-42013 | It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4 ... |
CVE-2021-41773 | A flaw was found in a change made to path normalization in Apache HTTP ... |
CVE-2021-41524 | While fuzzing the 2.4.49 httpd, a new null pointer dereference was det ... |
CVE-2021-40438 | A crafted request uri-path can cause mod_proxy to forward the request ... |
CVE-2021-39275 | ap_escape_quotes() may write beyond the end of a buffer when given mal ... |
CVE-2021-36160 | A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ... |
CVE-2021-34798 | Malformed requests may cause the server to dereference a NULL pointer. ... |
CVE-2021-33193 | A crafted method sent through HTTP/2 will bypass validation and be for ... |
CVE-2021-31618 | Apache HTTP Server protocol handler for the HTTP/2 protocol checks rec ... |
CVE-2021-30641 | Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behav ... |
CVE-2021-26691 | In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted Ses ... |
CVE-2021-26690 | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie ... |
CVE-2021-20325 | Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ... |
CVE-2020-35452 | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest ... |
CVE-2020-13950 | Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be mad ... |
CVE-2020-13938 | Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users c ... |
CVE-2020-11993 | Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enab ... |
CVE-2020-11985 | IP address spoofing when proxying using mod_remoteip and mod_rewrite F ... |
CVE-2020-11984 | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure an ... |
CVE-2020-9490 | Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted valu ... |
CVE-2020-1934 | In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitial ... |
CVE-2020-1927 | In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_r ... |
CVE-2019-17567 | Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configu ... |
CVE-2019-10098 | In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_r ... |
CVE-2019-10097 | In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured ... |
CVE-2019-10092 | In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting iss ... |
CVE-2019-10082 | In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the h ... |
CVE-2019-10081 | HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configur ... |
CVE-2019-9517 | Some HTTP/2 implementations are vulnerable to unconstrained interal da ... |
CVE-2019-0220 | A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When ... |
CVE-2019-0217 | In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition i ... |
CVE-2019-0215 | In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl ... |
CVE-2019-0211 | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, w ... |
CVE-2019-0197 | A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When ... |
CVE-2019-0196 | A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Usin ... |
CVE-2019-0190 | A bug exists in the way mod_ssl handled client renegotiations. A remot ... |
CVE-2018-17199 | In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks ... |
CVE-2018-17189 | In Apache HTTP server versions 2.4.37 and prior, by sending request bo ... |
CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large S ... |
CVE-2018-8011 | By specially crafting HTTP requests, the mod_md challenge handler woul ... |
CVE-2018-1333 | By specially crafting HTTP/2 requests, workers would be allocated 60 s ... |
CVE-2018-1312 | In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authen ... |
CVE-2018-1303 | A specially crafted HTTP request header could have crashed the Apache ... |
CVE-2018-1302 | When an HTTP/2 stream was destroyed after being handled, the Apache HT ... |
CVE-2018-1301 | A specially crafted request could have crashed the Apache HTTP Server ... |
CVE-2018-1283 | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to for ... |
CVE-2017-15715 | In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMat ... |
CVE-2017-15710 | In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29 ... |
CVE-2017-12171 | A regression was found in the Red Hat Enterprise Linux 6.9 version of ... |
CVE-2017-9798 | Apache httpd allows remote attackers to read secret data from process ... |
CVE-2017-9789 | When under stress, closing many connections, the HTTP/2 handling code ... |
CVE-2017-9788 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value place ... |
CVE-2017-7679 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime ... |
CVE-2017-7668 | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.2 ... |
CVE-2017-7659 | A maliciously constructed HTTP/2 request could cause mod_http2 in Apac ... |
CVE-2017-3169 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl m ... |
CVE-2017-3167 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of th ... |
CVE-2016-8743 | Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was li ... |
CVE-2016-8740 | The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ... |
CVE-2016-5387 | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 ... |
CVE-2016-4979 | The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_s ... |
CVE-2016-4975 | Possible CRLF injection allowing HTTP response splitting attacks for s ... |
CVE-2016-2161 | In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod ... |
CVE-2016-1546 | The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, d ... |
CVE-2016-0736 | In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was ... |
CVE-2015-3675 | The default configuration of the Apache HTTP Server on Apple OS X befo ... |
CVE-2015-3185 | The ap_some_auth_required function in server/request.c in the Apache H ... |
CVE-2015-3183 | The chunked transfer coding implementation in the Apache HTTP Server b ... |
CVE-2015-0253 | The read_request_line function in server/protocol.c in the Apache HTTP ... |
CVE-2015-0228 | The lua_websocket_read function in lua_request.c in the mod_lua module ... |
CVE-2014-8109 | mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2. ... |
CVE-2014-3583 | The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi ... |
CVE-2014-3581 | The cache_merge_headers_out function in modules/cache/cache_util.c in ... |
CVE-2014-3523 | Memory leak in the winnt_accept function in server/mpm/winnt/child.c i ... |
CVE-2014-0231 | The mod_cgid module in the Apache HTTP Server before 2.4.10 does not h ... |
CVE-2014-0226 | Race condition in the mod_status module in the Apache HTTP Server befo ... |
CVE-2014-0118 | The deflate_in_filter function in mod_deflate.c in the mod_deflate mod ... |
CVE-2014-0117 | The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, wh ... |
CVE-2014-0098 | The log_cookie function in mod_log_config.c in the mod_log_config modu ... |
CVE-2013-6438 | The dav_xml_get_cdata function in main/util.c in the mod_dav module in ... |
CVE-2013-5704 | The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ... |
CVE-2013-4352 | The cache_invalidate function in modules/cache/cache_storage.c in the ... |
CVE-2013-2249 | mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Ser ... |
CVE-2013-1896 | mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly de ... |
CVE-2013-1862 | mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2. ... |
CVE-2013-1048 | The Debian apache2ctl script in the apache2 package squeeze before 2.2 ... |
CVE-2012-4929 | The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google C ... |
CVE-2012-4558 | Multiple cross-site scripting (XSS) vulnerabilities in the balancer_ha ... |
CVE-2012-4557 | The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2. ... |
CVE-2012-3502 | The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp mo ... |
CVE-2012-3499 | Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP ... |
CVE-2012-2687 | Multiple cross-site scripting (XSS) vulnerabilities in the make_varian ... |
CVE-2012-0883 | envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 place ... |
CVE-2012-0216 | The default configuration of the apache2 package in Debian GNU/Linux s ... |
CVE-2012-0053 | protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not pro ... |
CVE-2012-0031 | scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow ... |
CVE-2012-0021 | The log_cookie function in mod_log_config.c in the mod_log_config modu ... |
CVE-2011-4415 | The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0 ... |
CVE-2011-4317 | The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2 ... |
CVE-2011-3639 | The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 an ... |
CVE-2011-3607 | Integer overflow in the ap_pregsub function in server/util.c in the Ap ... |
CVE-2011-3368 | The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2 ... |
CVE-2011-3348 | The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when ... |
CVE-2011-3192 | The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2. ... |
CVE-2011-1176 | The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk ... |
CVE-2010-2791 | mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ... |
CVE-2010-2068 | mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 thr ... |
CVE-2010-1623 | Memory leak in the apr_brigade_split_line function in buckets/apr_brig ... |
CVE-2010-1452 | The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2. ... |
CVE-2010-0434 | The ap_read_request function in server/protocol.c in the Apache HTTP S ... |
CVE-2010-0425 | modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server ... |
CVE-2010-0408 | The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp ... |
CVE-2009-3555 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ... |
CVE-2009-3095 | The mod_proxy_ftp module in the Apache HTTP Server allows remote attac ... |
CVE-2009-3094 | The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the ... |
CVE-2009-1891 | The mod_deflate module in Apache httpd 2.2.11 and earlier compresses l ... |
CVE-2009-1890 | The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy mo ... |
CVE-2009-1195 | The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not proper ... |
CVE-2009-1191 | mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ... |
CVE-2008-2939 | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_pro ... |
CVE-2008-2364 | The ap_proxy_http_process_response function in mod_proxy_http.c in the ... |
CVE-2008-2168 | Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier a ... |
CVE-2008-1678 | Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c ... |
CVE-2008-0455 | Cross-site scripting (XSS) vulnerability in the mod_negotiation module ... |
CVE-2008-0005 | mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-de ... |
CVE-2007-6750 | The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a ... |
CVE-2007-6423 | Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server ... |
CVE-2007-6422 | The balancer_handler function in mod_proxy_balancer in the Apache HTTP ... |
CVE-2007-6421 | Cross-site scripting (XSS) vulnerability in balancer-manager in mod_pr ... |
CVE-2007-6420 | Cross-site request forgery (CSRF) vulnerability in the balancer-manage ... |
CVE-2007-6388 | Cross-site scripting (XSS) vulnerability in mod_status in the Apache H ... |
CVE-2007-6203 | Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method s ... |
CVE-2007-5000 | Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ... |
CVE-2007-4465 | Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apa ... |
CVE-2007-3847 | The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Ap ... |
CVE-2007-3304 | Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, al ... |
CVE-2007-1863 | cache_util.c in the mod_cache module in Apache HTTP Server (httpd), wh ... |
CVE-2007-1862 | The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ... |
CVE-2007-1742 | suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison f ... |
CVE-2007-1741 | Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ... |
CVE-2006-20001 | A carefully crafted If: request header can cause a memory read, or wri ... |
CVE-2006-5752 | Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_st ... |
CVE-2006-4110 | Apache 2.2.2, when running on Windows, allows remote attackers to read ... |
CVE-2006-3918 | http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 bef ... |
CVE-2006-3747 | Off-by-one error in the ldap scheme handling in the Rewrite module (mo ... |
CVE-2005-3357 | mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ... |
CVE-2005-3352 | Cross-site scripting (XSS) vulnerability in the mod_imap module of Apa ... |
CVE-2005-2970 | Memory leak in the worker MPM (worker.c) for Apache 2, in certain circ ... |
CVE-2005-2728 | The byte-range filter in Apache 2.0 before 2.0.54 allows remote attack ... |
CVE-2005-2700 | ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyCli ... |
CVE-2005-2088 | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ac ... |
CVE-2005-1344 | Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ex ... |
CVE-2005-1268 | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) veri ... |
CVE-2004-1834 | mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, inc ... |
CVE-2004-0942 | Apache webserver 2.0.52 and earlier allows remote attackers to cause a ... |
CVE-2004-0885 | The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SS ... |
CVE-2004-0811 | Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Sa ... |
CVE-2004-0809 | The mod_dav module in Apache 2.0.50 and earlier allows remote attacker ... |
CVE-2004-0786 | The IPv6 URI parsing routines in the apr-util library for Apache 2.0.5 ... |
CVE-2004-0751 | The char_buffer_read function in the mod_ssl module for Apache 2.x, wh ... |
CVE-2004-0748 | mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ... |
CVE-2004-0747 | Buffer overflow in Apache 2.0.50 and earlier allows local users to gai ... |
CVE-2004-0493 | The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows re ... |
CVE-2004-0488 | Stack-based buffer overflow in the ssl_util_uuencode_binary function i ... |
CVE-2004-0113 | Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 a ... |
CVE-2003-1138 | The default configuration of Apache 2.0.40, as shipped with Red Hat Li ... |
CVE-2003-0789 | mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ... |
CVE-2003-0542 | Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rew ... |
CVE-2003-0254 | Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ... |
CVE-2003-0253 | The prefork MPM in Apache 2 before 2.0.47 does not properly handle cer ... |
CVE-2003-0245 | Vulnerability in the apr_psprintf function in the Apache Portable Runt ... |
CVE-2003-0192 | Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3 ... |
CVE-2003-0189 | The authentication module for Apache 2.0.40 through 2.0.45 on Unix doe ... |
CVE-2003-0134 | Unknown vulnerability in filestat.c for Apache running on OS2, version ... |
CVE-2003-0132 | A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ... |
CVE-2003-0083 | Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ... |
CVE-2003-0020 | Apache does not filter terminal escape sequences from its error logs, ... |
CVE-2002-1850 | mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly re ... |
CVE-2002-1593 | mod_dav in Apache before 2.0.42 does not properly handle versioning ho ... |
CVE-2002-1592 | The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI app ... |
CVE-2002-1156 | Apache 2.0.42 allows remote attackers to view the source code of a CGI ... |
CVE-2002-0840 | Cross-site scripting (XSS) vulnerability in the default error page of ... |
CVE-2002-0661 | Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Wind ... |
CVE-2002-0654 | Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote a ... |
CVE-2002-0392 | Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remot ... |