Information on source package apache2

Available versions

Release | Version
jessie | 2.4.10-10+deb8u12
jessie (security) | 2.4.10-10+deb8u16
stretch | 2.4.25-3+deb9u8
stretch (security) | 2.4.25-3+deb9u9
buster (security) | 2.4.38-3+deb10u3
bullseye | 2.4.41-1
sid | 2.4.41-1

Open unimportant issues

Bug | jessie | stretch | buster | bullseye | sid | Description
CVE-2008-0456 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | CRLF injection vulnerability in the mod_negotiation module in the Apac ...
CVE-2008-0455 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...
CVE-2007-3303 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows loc ...
CVE-2007-1743 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combination ...
CVE-2007-0086 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable |
CVE-2003-1581 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...
CVE-2003-1580 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...
CVE-2003-1307 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable |
CVE-2001-1534 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's u ...

Resolved issues

Bug | Description
TEMP-0535886-8B62DC | apache2: htaccess override
CVE-2019-9517 | Some HTTP/2 implementations are vulnerable to unconstrained internal da ...
CVE-2019-10098 | In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_r ...
CVE-2019-10097 | In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured ...
CVE-2019-10092 | In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting iss ...
CVE-2019-10082 | In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the h ...
CVE-2019-10081 | HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configur ...
CVE-2019-0220 | A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When ...
CVE-2019-0217 | In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition i ...
CVE-2019-0215 | In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl ...
CVE-2019-0211 | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, w ...
CVE-2019-0197 | A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When ...
CVE-2019-0196 | A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Usin ...
CVE-2019-0190 | A bug exists in the way mod_ssl handled client renegotiations. A remot ...
CVE-2018-8011 | By specially crafting HTTP requests, the mod_md challenge handler woul ...
CVE-2018-17199 | In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks ...
CVE-2018-17189 | In Apache HTTP server versions 2.4.37 and prior, by sending request bo ...
CVE-2018-1333 | By specially crafting HTTP/2 requests, workers would be allocated 60 s ...
CVE-2018-1312 | In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authen ...
CVE-2018-1303 | A specially crafted HTTP request header could have crashed the Apache ...
CVE-2018-1302 | When an HTTP/2 stream was destroyed after being handled, the Apache HT ...
CVE-2018-1301 | A specially crafted request could have crashed the Apache HTTP Server ...
CVE-2018-1283 | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to for ...
CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large S ...
CVE-2017-9798 | Apache httpd allows remote attackers to read secret data from process ...
CVE-2017-9789 | When under stress, closing many connections, the HTTP/2 handling code ...
CVE-2017-9788 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value place ...
CVE-2017-7679 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime ...
CVE-2017-7668 | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.2 ...
CVE-2017-7659 | A maliciously constructed HTTP/2 request could cause mod_http2 in Apac ...
CVE-2017-3169 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl m ...
CVE-2017-3167 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of th ...
CVE-2017-15715 | In Apache httpd 2.4.0 to 2.4.29, the expression specified in <Files ...
CVE-2017-15710 | In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29 ...
CVE-2017-12171 | A regression was found in the Red Hat Enterprise Linux 6.9 version of ...
CVE-2016-8743 | Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was li ...
CVE-2016-8740 | The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ...
CVE-2016-5387 | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 ...
CVE-2016-4979 | The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_s ...
CVE-2016-4975 | Possible CRLF injection allowing HTTP response splitting attacks for s ...
CVE-2016-2161 | In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod ...
CVE-2016-1546 | The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, d ...
CVE-2016-0736 | In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was ...
CVE-2015-3675 | The default configuration of the Apache HTTP Server on Apple OS X befo ...
CVE-2015-3185 | The ap_some_auth_required function in server/request.c in the Apache H ...
CVE-2015-3183 | The chunked transfer coding implementation in the Apache HTTP Server b ...
CVE-2015-0253 | The read_request_line function in server/protocol.c in the Apache HTTP ...
CVE-2015-0228 | The lua_websocket_read function in lua_request.c in the mod_lua module ...
CVE-2014-8109 | mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2. ...
CVE-2014-3583 | The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi ...
CVE-2014-3581 | The cache_merge_headers_out function in modules/cache/cache_util.c in ...
CVE-2014-3523 | Memory leak in the winnt_accept function in server/mpm/winnt/child.c i ...
CVE-2014-0231 | The mod_cgid module in the Apache HTTP Server before 2.4.10 does not h ...
CVE-2014-0226 | Race condition in the mod_status module in the Apache HTTP Server befo ...
CVE-2014-0118 | The deflate_in_filter function in mod_deflate.c in the mod_deflate mod ...
CVE-2014-0117 | The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, wh ...
CVE-2014-0098 | The log_cookie function in mod_log_config.c in the mod_log_config modu ...
CVE-2013-6438 | The dav_xml_get_cdata function in main/util.c in the mod_dav module in ...
CVE-2013-5704 | The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...
CVE-2013-4352 | The cache_invalidate function in modules/cache/cache_storage.c in the ...
CVE-2013-2249 | mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Ser ...
CVE-2013-1896 | mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly de ...
CVE-2013-1862 | mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2. ...
CVE-2013-1048 | The Debian apache2ctl script in the apache2 package squeeze before 2.2 ...
CVE-2012-4929 | The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google C ...
CVE-2012-4558 | Multiple cross-site scripting (XSS) vulnerabilities in the balancer_ha ...
CVE-2012-4557 | The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2. ...
CVE-2012-3502 | The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp mo ...
CVE-2012-3499 | Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP ...
CVE-2012-2687 | Multiple cross-site scripting (XSS) vulnerabilities in the make_varian ...
CVE-2012-0883 | envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 place ...
CVE-2012-0216 | The default configuration of the apache2 package in Debian GNU/Linux s ...
CVE-2012-0053 | protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not pro ...
CVE-2012-0031 | scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow ...
CVE-2012-0021 | The log_cookie function in mod_log_config.c in the mod_log_config modu ...
CVE-2011-4415 | The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0 ...
CVE-2011-4317 | The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2 ...
CVE-2011-3639 | The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 an ...
CVE-2011-3607 | Integer overflow in the ap_pregsub function in server/util.c in the Ap ...
CVE-2011-3368 | The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2 ...
CVE-2011-3348 | The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when ...
CVE-2011-3192 | The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2. ...
CVE-2011-1176 | The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk ...
CVE-2010-2791 | mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...
CVE-2010-2068 | mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 thr ...
CVE-2010-1623 | Memory leak in the apr_brigade_split_line function in buckets/apr_brig ...
CVE-2010-1452 | The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2. ...
CVE-2010-0434 | The ap_read_request function in server/protocol.c in the Apache HTTP S ...
CVE-2010-0425 | modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server ...
CVE-2010-0408 | The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp ...
CVE-2009-3555 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ...
CVE-2009-3095 | The mod_proxy_ftp module in the Apache HTTP Server allows remote attac ...
CVE-2009-3094 | The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the ...
CVE-2009-1891 | The mod_deflate module in Apache httpd 2.2.11 and earlier compresses l ...
CVE-2009-1890 | The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy mo ...
CVE-2009-1195 | The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not proper ...
CVE-2009-1191 | mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...
CVE-2008-2939 | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_pro ...
CVE-2008-2364 | The ap_proxy_http_process_response function in mod_proxy_http.c in the ...
CVE-2008-2168 | Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier a ...
CVE-2008-1678 | Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c ...
CVE-2008-0005 | mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-de ...
CVE-2007-6750 | The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a ...
CVE-2007-6423 |
CVE-2007-6422 | The balancer_handler function in mod_proxy_balancer in the Apache HTTP ...
CVE-2007-6421 | Cross-site scripting (XSS) vulnerability in balancer-manager in mod_pr ...
CVE-2007-6420 | Cross-site request forgery (CSRF) vulnerability in the balancer-manage ...
CVE-2007-6388 | Cross-site scripting (XSS) vulnerability in mod_status in the Apache H ...
CVE-2007-6203 | Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method s ...
CVE-2007-5000 | Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ...
CVE-2007-4465 | Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apa ...
CVE-2007-3847 | The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Ap ...
CVE-2007-3304 | Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, al ...
CVE-2007-1863 | cache_util.c in the mod_cache module in Apache HTTP Server (httpd), wh ...
CVE-2007-1862 | The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...
CVE-2007-1742 | suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison f ...
CVE-2007-1741 | Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...
CVE-2006-5752 | Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_st ...
CVE-2006-4110 | Apache 2.2.2, when running on Windows, allows remote attackers to read ...
CVE-2006-3918 | http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 bef ...
CVE-2006-3747 | Off-by-one error in the ldap scheme handling in the Rewrite module (mo ...
CVE-2005-3357 | mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...
CVE-2005-3352 | Cross-site scripting (XSS) vulnerability in the mod_imap module of Apa ...
CVE-2005-2970 | Memory leak in the worker MPM (worker.c) for Apache 2, in certain circ ...
CVE-2005-2728 | The byte-range filter in Apache 2.0 before 2.0.54 allows remote attack ...
CVE-2005-2700 | ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyCli ...
CVE-2005-2088 | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ac ...
CVE-2005-1344 | Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ex ...
CVE-2005-1268 | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) veri ...
CVE-2004-1834 | mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, inc ...
CVE-2004-0942 | Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...
CVE-2004-0885 | The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SS ...
CVE-2004-0811 | Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Sa ...
CVE-2004-0809 | The mod_dav module in Apache 2.0.50 and earlier allows remote attacker ...
CVE-2004-0786 | The IPv6 URI parsing routines in the apr-util library for Apache 2.0.5 ...
CVE-2004-0751 | The char_buffer_read function in the mod_ssl module for Apache 2.x, wh ...
CVE-2004-0748 | mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...
CVE-2004-0747 | Buffer overflow in Apache 2.0.50 and earlier allows local users to gai ...
CVE-2004-0493 | The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows re ...
CVE-2004-0488 | Stack-based buffer overflow in the ssl_util_uuencode_binary function i ...
CVE-2004-0113 | Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 a ...
CVE-2003-1138 | The default configuration of Apache 2.0.40, as shipped with Red Hat Li ...
CVE-2003-0789 | mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...
CVE-2003-0542 | Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rew ...
CVE-2003-0254 | Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...
CVE-2003-0253 | The prefork MPM in Apache 2 before 2.0.47 does not properly handle cer ...
CVE-2003-0245 | Vulnerability in the apr_psprintf function in the Apache Portable Runt ...
CVE-2003-0192 | Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3 ...
CVE-2003-0189 | The authentication module for Apache 2.0.40 through 2.0.45 on Unix doe ...
CVE-2003-0134 | Unknown vulnerability in filestat.c for Apache running on OS2, version ...
CVE-2003-0132 | A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...
CVE-2003-0083 | Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...
CVE-2003-0020 | Apache does not filter terminal escape sequences from its error logs, ...
CVE-2002-1850 | mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly re ...
CVE-2002-1593 | mod_dav in Apache before 2.0.42 does not properly handle versioning ho ...
CVE-2002-1592 | The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI app ...
CVE-2002-1156 | Apache 2.0.42 allows remote attackers to view the source code of a CGI ...
CVE-2002-0840 | Cross-site scripting (XSS) vulnerability in the default error page of ...
CVE-2002-0661 | Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Wind ...
CVE-2002-0654 | Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote a ...
CVE-2002-0392 | Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remot ...

Security announcements

DSA / DLA | Description
DSA-4509-3 | apache2 - security update
DLA-1900-2 | apache2 - regression update
DLA-1900-1 | apache2 - security update
DSA-4509-1 | apache2 - security update
DSA-4422-1 | apache2 - security update
DLA-1748-1 | apache2 - security update
DLA-1647-1 | apache2 - security update
DLA-1389-1 | apache2 - security update
DSA-4164-1 | apache2 - security update
DLA-1102-1 | apache2 - security update
DSA-3980-1 | apache2 - security update
DLA-841-2 | apache2 - regression update
DSA-3913-1 | apache2 - security update
DLA-1028-1 | apache2 - security update
DLA-1009-1 | apache2 - security update
DSA-3896-1 | apache2 - security update
DLA-841-1 | apache2 - security update
DSA-3796-1 | apache2 - security update
DSA-3623-1 | apache2 - security update
DLA-553-1 | apache2 - security update
DSA-3325-2 | apache2 - regression update
DSA-3325-1 | apache2 - security update
DLA-284-1 | apache2 - security update
DLA-71-1 | apache2 - security update
DLA-66-1 | apache2 - security update
DSA-2989-1 | apache2 - security update
DSA-2637-1 | apache2 - several
DSA-2579-1 | apache2 - several
DSA-2452-1 | apache2 - insecure default configuration
DSA-2405-1 | apache2 - multiple issues
DSA-2298-1 | apache2 - denial of service
DSA-2202-1 | apache2 - failure to drop root privileges
DSA-2035-1 | apache2 - several issues
DSA-1934-1 | apache2 - several issues
DSA-1834-1 | apache2 apache2-mpm-itk - denial of service
DSA-1816-1 | apache2 apache2-mpm-itk - privilege escalation
DSA-1132-1 | apache2 - buffer overflow
DSA-805-1 | apache2 - several
