Vulnerabilities > Apache > Http Server > 2.2.32

DATE CVE VULNERABILITY TITLE RISK
2018-03-09 CVE-2016-8612 Improper Input Validation vulnerability in multiple products
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.
low complexity
apache redhat netapp CWE-20
4.3
4.3
2017-09-18 CVE-2017-9798 Use After Free vulnerability in multiple products
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed.
network
low complexity
apache debian CWE-416
7.5
7.5
2017-07-13 CVE-2017-9788 Improper Input Validation vulnerability in multiple products
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest.
network
low complexity
apache debian apple netapp redhat oracle CWE-20
critical
 9.1
9.1
2017-06-20 CVE-2017-7679 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Http Server
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
network
low complexity
apache CWE-119
critical
 9.8
9.8
2017-06-20 CVE-2017-7668 Out-of-bounds Read vulnerability in multiple products
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string.
network
low complexity
apache netapp redhat debian oracle apple CWE-125
7.5
7.5
2017-06-20 CVE-2017-3169 NULL Pointer Dereference vulnerability in Apache Http Server
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
network
low complexity
apache CWE-476
critical
 9.8
9.8
2017-06-20 CVE-2017-3167 Improper Authentication vulnerability in multiple products
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
network
low complexity
apache netapp redhat apple debian oracle CWE-287
critical
 9.8
9.8