Apache

HTTP Server

330 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 18.8%
  • Veröffentlicht 20.07.2015 23:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote...

  • EPSS 73.33%
  • Veröffentlicht 20.07.2015 23:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large c...

  • EPSS 14.73%
  • Veröffentlicht 20.07.2015 23:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending...

  • EPSS 18.81%
  • Veröffentlicht 08.03.2015 02:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script ha...

  • EPSS 22.02%
  • Veröffentlicht 29.12.2014 23:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows rem...

  • EPSS 10.78%
  • Veröffentlicht 15.12.2014 18:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

  • EPSS 13.45%
  • Veröffentlicht 10.10.2014 10:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP...

  • EPSS 16.37%
  • Veröffentlicht 20.07.2014 11:12:50
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory con...

  • EPSS 11.53%
  • Veröffentlicht 20.07.2014 11:12:48
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and dae...

  • EPSS 35.54%
  • Veröffentlicht 20.07.2014 11:12:48
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.