Apache

HTTP Server

306 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2022-28615

  • EPSS 1.11%
  • Veröffentlicht 09.06.2022 17:15:09
  • Zuletzt bearbeitet 18.12.2025 16:15:47

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, th...

7.5

CVE-2022-29404

  • EPSS 2.32%
  • Veröffentlicht 09.06.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:59:01

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

7.5

CVE-2022-30522

  • EPSS 11.59%
  • Veröffentlicht 09.06.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 07:02:52

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.

7.5

CVE-2022-30556

  • EPSS 0.4%
  • Veröffentlicht 09.06.2022 17:15:09
  • Zuletzt bearbeitet 01.05.2025 15:35:37

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

9.8

CVE-2022-31813

  • EPSS 0.04%
  • Veröffentlicht 09.06.2022 17:15:09
  • Zuletzt bearbeitet 01.05.2025 15:35:29

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

7.5

CVE-2022-22719

  • EPSS 32.2%
  • Veröffentlicht 14.03.2022 11:15:09
  • Zuletzt bearbeitet 21.11.2024 06:47:18

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

9.8

CVE-2022-22720

  • EPSS 33.37%
  • Veröffentlicht 14.03.2022 11:15:09
  • Zuletzt bearbeitet 21.11.2024 06:47:18

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

9.1

CVE-2022-22721

  • EPSS 18.95%
  • Veröffentlicht 14.03.2022 11:15:09
  • Zuletzt bearbeitet 21.11.2024 06:47:19

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

9.8

CVE-2022-23943

  • EPSS 67.6%
  • Veröffentlicht 14.03.2022 11:15:09
  • Zuletzt bearbeitet 01.05.2025 15:37:55

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

8.2

CVE-2021-44224

  • EPSS 10.75%
  • Veröffentlicht 20.12.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:30:37

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix D...