Vulnerabilities > Apache > Http Server > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-18 CVE-2024-40898 Unspecified vulnerability in Apache Http Server
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. 
network
low complexity
apache
7.5
2024-07-01 CVE-2024-38477 null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
network
low complexity
apache netapp
7.5
2024-04-04 CVE-2024-27316 HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response.
network
low complexity
apache fedoraproject netapp
7.5
2023-10-23 CVE-2023-31122 Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.
network
low complexity
apache fedoraproject
7.5
2023-10-23 CVE-2023-43622 Unspecified vulnerability in Apache Http Server 2.4.55/2.4.56/2.4.57
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server.
network
low complexity
apache
7.5
2023-03-07 CVE-2023-27522 HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.
network
low complexity
apache debian unbit
7.5
2023-01-17 CVE-2006-20001 Unspecified vulnerability in Apache Http Server
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent.
network
low complexity
apache
7.5
2022-06-09 CVE-2022-26377 HTTP Request Smuggling vulnerability in multiple products
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
network
low complexity
apache fedoraproject netapp CWE-444
7.5
2022-06-09 CVE-2022-29404 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
network
low complexity
apache fedoraproject netapp CWE-770
7.5
2022-06-09 CVE-2022-30522 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
network
low complexity
apache netapp fedoraproject CWE-770
7.5