Apache

HTTP Server

301 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2009-1195

Exploit
  • EPSS 0.22%
  • Published 28.05.2009 20:30:00
  • Last modified 09.04.2025 00:30:58

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Opti...

5

CVE-2009-1191

  • EPSS 11.97%
  • Published 23.04.2009 17:30:01
  • Last modified 09.04.2025 00:30:58

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

4.3

CVE-2008-2939

  • EPSS 67.24%
  • Published 06.08.2008 18:41:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary we...

5

CVE-2008-2364

  • EPSS 9.7%
  • Published 13.06.2008 18:41:00
  • Last modified 09.04.2025 00:30:58

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service...

4.3

CVE-2008-2168

Exploit
  • EPSS 54.71%
  • Published 13.05.2008 21:20:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

4.3

CVE-2008-0455

Exploit
  • EPSS 18.09%
  • Published 25.01.2008 01:00:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated use...

2.6

CVE-2008-0456

Exploit
  • EPSS 7.58%
  • Published 25.01.2008 01:00:00
  • Last modified 09.04.2025 00:30:58

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject...

4.3

CVE-2007-6420

  • EPSS 5.04%
  • Published 12.01.2008 00:46:00
  • Last modified 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.

7.8

CVE-2007-6423

  • EPSS 3.66%
  • Published 12.01.2008 00:46:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue

4.3

CVE-2008-0005

Exploit
  • EPSS 7.14%
  • Published 12.01.2008 00:46:00
  • Last modified 09.04.2025 00:30:58

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.