Vulnerabilities > Apache > Http Server

DATE CVE VULNERABILITY TITLE RISK
2023-03-07 CVE-2023-27522 HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.
network
low complexity
apache debian unbit
7.5
2023-01-17 CVE-2006-20001 Unspecified vulnerability in Apache Http Server
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent.
network
low complexity
apache
7.5
2023-01-17 CVE-2022-36760 Unspecified vulnerability in Apache Http Server
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
network
high complexity
apache
critical
9.0
2023-01-17 CVE-2022-37436 Unspecified vulnerability in Apache Http Server
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body.
network
low complexity
apache
5.3
2022-06-09 CVE-2022-26377 HTTP Request Smuggling vulnerability in multiple products
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
network
low complexity
apache fedoraproject netapp CWE-444
7.5
2022-06-09 CVE-2022-28330 Out-of-bounds Read vulnerability in Apache Http Server
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
network
low complexity
apache CWE-125
5.3
2022-06-09 CVE-2022-28614 Integer Overflow or Wraparound vulnerability in multiple products
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.
network
low complexity
apache fedoraproject netapp CWE-190
5.3
2022-06-09 CVE-2022-28615 Integer Overflow or Wraparound vulnerability in multiple products
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.
network
low complexity
apache fedoraproject netapp CWE-190
critical
9.1
2022-06-09 CVE-2022-29404 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
network
low complexity
apache fedoraproject netapp CWE-770
7.5
2022-06-09 CVE-2022-30522 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
network
low complexity
apache netapp fedoraproject CWE-770
7.5