Vulnerabilities > Apache > Http Server > 2.2.2

DATE CVE VULNERABILITY TITLE RISK
2023-10-23 CVE-2023-31122 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.
network
low complexity
apache fedoraproject CWE-125
7.5
2023-10-23 CVE-2023-45802 Resource Exhaustion vulnerability in multiple products
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately.
network
high complexity
apache fedoraproject CWE-400
5.9
2023-01-17 CVE-2006-20001 Out-of-bounds Write vulnerability in Apache Http Server
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent.
network
low complexity
apache CWE-787
7.5
2023-01-17 CVE-2022-37436 HTTP Response Splitting vulnerability in Apache Http Server
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body.
network
low complexity
apache CWE-113
5.3
2022-06-09 CVE-2022-28330 Out-of-bounds Read vulnerability in Apache Http Server
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
network
low complexity
apache CWE-125
5.0
2022-06-09 CVE-2022-28614 Integer Overflow or Wraparound vulnerability in multiple products
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.
network
low complexity
apache fedoraproject netapp CWE-190
5.3
2022-06-09 CVE-2022-28615 Integer Overflow or Wraparound vulnerability in multiple products
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.
network
low complexity
apache fedoraproject netapp CWE-190
critical
9.1
2022-06-09 CVE-2022-29404 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
network
low complexity
apache fedoraproject netapp CWE-770
7.5
2022-06-09 CVE-2022-30556 Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
network
low complexity
apache netapp fedoraproject
7.5
2022-06-09 CVE-2022-31813 Insufficient Verification of Data Authenticity vulnerability in multiple products
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.
network
low complexity
apache netapp fedoraproject CWE-345
critical
9.8