Vulnerabilities > Apache > Http Server

DATE CVE VULNERABILITY TITLE RISK
2023-10-23 CVE-2023-31122 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.
network
low complexity
apache fedoraproject CWE-125
7.5
2023-10-23 CVE-2023-43622 Resource Exhaustion vulnerability in Apache Http Server 2.4.55
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server.
network
low complexity
apache CWE-400
7.5
2023-10-23 CVE-2023-45802 Resource Exhaustion vulnerability in multiple products
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately.
network
high complexity
apache fedoraproject CWE-400
5.9
2023-03-07 CVE-2023-25690 HTTP Request Smuggling vulnerability in Apache Http Server
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
network
low complexity
apache CWE-444
critical
9.8
2023-03-07 CVE-2023-27522 HTTP Request Smuggling vulnerability in multiple products
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.
network
low complexity
apache debian unbit CWE-444
7.5
2023-01-17 CVE-2006-20001 Out-of-bounds Write vulnerability in Apache Http Server
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent.
network
low complexity
apache CWE-787
7.5
2023-01-17 CVE-2022-36760 HTTP Request Smuggling vulnerability in Apache Http Server
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
network
high complexity
apache CWE-444
critical
9.0
2023-01-17 CVE-2022-37436 HTTP Response Splitting vulnerability in Apache Http Server
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body.
network
low complexity
apache CWE-113
5.3
2022-06-09 CVE-2022-26377 HTTP Request Smuggling vulnerability in multiple products
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
network
low complexity
apache fedoraproject netapp CWE-444
7.5
2022-06-09 CVE-2022-28330 Out-of-bounds Read vulnerability in Apache Http Server
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
network
low complexity
apache CWE-125
5.0