Vulnerabilities > Apache > Http Server

DATE CVE VULNERABILITY TITLE RISK
2019-04-08 CVE-2019-0217 Race Condition vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
7.5
2019-04-08 CVE-2019-0215 In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
network
high complexity
apache fedoraproject
7.5
2019-01-30 CVE-2019-0190 A bug exists in the way mod_ssl handled client renegotiations.
network
low complexity
apache oracle
7.5
2019-01-30 CVE-2018-17199 Session Fixation vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session.
network
low complexity
apache debian netapp canonical oracle CWE-384
7.5
2019-01-30 CVE-2018-17189 Resource Exhaustion vulnerability in multiple products
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data.
5.3
2018-09-25 CVE-2018-11763 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect.
network
high complexity
apache canonical redhat oracle netapp
5.9
2018-08-14 CVE-2016-4975 CRLF Injection vulnerability in Apache Http Server
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir.
network
low complexity
apache CWE-93
6.1
2018-07-26 CVE-2017-12171 A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly.
network
low complexity
redhat apache
6.5
2018-07-18 CVE-2018-8011 NULL Pointer Dereference vulnerability in multiple products
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault.
network
low complexity
apache netapp CWE-476
7.5
2018-06-18 CVE-2018-1333 Resource Exhaustion vulnerability in multiple products
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service.
network
low complexity
apache redhat canonical netapp CWE-400
7.5