Apache

HTTP Server

301 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-22719

  • EPSS 32.9%
  • Veröffentlicht 14.03.2022 11:15:09
  • Zuletzt bearbeitet 21.11.2024 06:47:18

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

9.8

CVE-2022-22720

  • EPSS 33.37%
  • Veröffentlicht 14.03.2022 11:15:09
  • Zuletzt bearbeitet 21.11.2024 06:47:18

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

9.1

CVE-2022-22721

  • EPSS 19.47%
  • Veröffentlicht 14.03.2022 11:15:09
  • Zuletzt bearbeitet 21.11.2024 06:47:19

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

9.8

CVE-2022-23943

  • EPSS 65.91%
  • Veröffentlicht 14.03.2022 11:15:09
  • Zuletzt bearbeitet 01.05.2025 15:37:55

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

8.2

CVE-2021-44224

  • EPSS 10.7%
  • Veröffentlicht 20.12.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:30:37

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix D...

9.8

CVE-2021-44790

Exploit
  • EPSS 87.09%
  • Veröffentlicht 20.12.2021 12:15:07
  • Zuletzt bearbeitet 01.05.2025 15:38:06

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This...

9.8

CVE-2021-42013

Warnung Exploit
  • EPSS 94.41%
  • Veröffentlicht 07.10.2021 16:15:09
  • Zuletzt bearbeitet 21.03.2025 21:02:08

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these dire...

7.5

CVE-2021-41524

Warnung
  • EPSS 6.77%
  • Veröffentlicht 05.10.2021 09:15:07
  • Zuletzt bearbeitet 21.11.2024 06:26:20

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in versi...

7.5

CVE-2021-41773

Warnung Exploit
  • EPSS 94.38%
  • Veröffentlicht 05.10.2021 09:15:07
  • Zuletzt bearbeitet 21.03.2025 21:07:31

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directorie...

7.5

CVE-2021-34798

  • EPSS 11.69%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:11:13

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.