Apache

HTTP Server

330 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 22.91%
  • Veröffentlicht 26.02.2013 16:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remo...

Exploit
  • EPSS 17.47%
  • Veröffentlicht 30.11.2012 19:55:01
  • Zuletzt bearbeitet 16.06.2026 23:45:23

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an...

  • EPSS 22.52%
  • Veröffentlicht 22.08.2012 19:55:01
  • Zuletzt bearbeitet 16.06.2026 23:41:52

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to in...

  • EPSS 9.56%
  • Veröffentlicht 22.08.2012 19:55:01
  • Zuletzt bearbeitet 16.06.2026 23:43:21

The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end c...

  • EPSS 0.95%
  • Veröffentlicht 18.04.2012 10:33:33
  • Zuletzt bearbeitet 16.06.2026 23:38:27

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apach...

  • EPSS 30.81%
  • Veröffentlicht 28.01.2012 04:05:00
  • Zuletzt bearbeitet 16.06.2026 23:36:30

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of s...

  • EPSS 82.76%
  • Veröffentlicht 28.01.2012 04:05:00
  • Zuletzt bearbeitet 16.06.2026 23:36:34

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors i...

Exploit
  • EPSS 2.91%
  • Veröffentlicht 18.01.2012 20:55:02
  • Zuletzt bearbeitet 16.06.2026 23:36:31

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memor...

  • EPSS 71.63%
  • Veröffentlicht 27.12.2011 18:55:00
  • Zuletzt bearbeitet 16.06.2026 22:48:41

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

  • EPSS 52.53%
  • Veröffentlicht 30.11.2011 04:05:58
  • Zuletzt bearbeitet 16.06.2026 23:33:40

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration ...