Apache

HTTP Server

330 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 37.16%
  • Veröffentlicht 20.07.2014 11:12:48
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted req...

Exploit
  • EPSS 85.74%
  • Veröffentlicht 20.07.2014 11:12:48
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a cr...

  • EPSS 43.81%
  • Veröffentlicht 20.07.2014 11:12:48
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

Exploit
  • EPSS 60.21%
  • Veröffentlicht 15.04.2014 10:55:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a s...

  • EPSS 26.83%
  • Veröffentlicht 18.03.2014 05:18:18
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) v...

  • EPSS 26%
  • Veröffentlicht 18.03.2014 05:18:18
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handl...

Exploit
  • EPSS 14.26%
  • Veröffentlicht 23.07.2013 17:20:43
  • Zuletzt bearbeitet 29.04.2026 01:13:23

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote at...

Exploit
  • EPSS 29.48%
  • Veröffentlicht 10.07.2013 20:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for han...

  • EPSS 24.89%
  • Veröffentlicht 10.06.2013 17:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containi...

  • EPSS 22.91%
  • Veröffentlicht 26.02.2013 16:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagema...