CVE-2024-24795
- EPSS 1.22%
- Veröffentlicht 04.04.2024 20:15:08
- Zuletzt bearbeitet 30.06.2025 12:55:47
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, ...
CVE-2023-38709
- EPSS 4.36%
- Veröffentlicht 04.04.2024 20:15:08
- Zuletzt bearbeitet 04.11.2025 22:15:53
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
CVE-2010-1151
- EPSS 0.52%
- Veröffentlicht 20.04.2010 16:30:00
- Zuletzt bearbeitet 11.04.2025 00:51:21
Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validatio...
- EPSS 0.47%
- Veröffentlicht 01.01.1999 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file.