📦 Http Server
by Apache
🔍 What is Http Server?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This CVE describes an access control bypass vulnerability in Apache HTTP Server's mod_ssl module when using TLS 1.3 session resumption. Organizations running Apache 2.4.35-2.4.63 with multiple virtual...
A substitution encoding vulnerability in Apache HTTP Server's mod_rewrite module allows attackers to bypass security restrictions and execute scripts in directories that should be protected. This affe...
Apache HTTP Server 2.4.59 and earlier contain a vulnerability where malicious response headers from backend applications can lead to information disclosure, server-side request forgery (SSRF), or loca...
This CVE describes an HTTP request smuggling vulnerability in Apache HTTP Server when mod_proxy is configured with certain RewriteRule or ProxyPassMatch patterns. Attackers can manipulate request data...
This vulnerability in Apache HTTP Server 2.4.53 and earlier could cause crashes or information disclosure due to a buffer overflow in the ap_strcmp_match() function. Only systems using third-party mod...
This vulnerability in Apache HTTP Server allows attackers to bypass IP-based authentication by manipulating the Connection header to prevent X-Forwarded-* headers from reaching origin servers. It affe...
Apache HTTP Server versions 2.4.52 and earlier contain a vulnerability where the server fails to properly close inbound connections when encountering errors while discarding request bodies. This allow...
CVE-2022-23943 is a critical heap memory corruption vulnerability in Apache HTTP Server's mod_sed module that allows attackers to write data beyond allocated memory boundaries. This can lead to remote...
CVE-2021-42013 is a critical path traversal vulnerability in Apache HTTP Server that allows attackers to access files outside configured directories. If CGI scripts are enabled for aliased paths, this...
CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49 that allows attackers to access files outside configured directories. If CGI is enabled, this can lead to remote code exec...
CVE-2021-39275 is a critical buffer overflow vulnerability in Apache HTTP Server's ap_escape_quotes() function that could allow remote code execution or denial of service. The vulnerability affects Ap...
CVE-2021-26691 is a critical heap overflow vulnerability in Apache HTTP Server that allows remote attackers to execute arbitrary code or cause denial of service. Attackers can exploit this by sending ...
This vulnerability in Apache HTTP Server allows remote code execution when Server Side Includes (SSI) is enabled with mod_cgid. Attackers can inject shell commands through improperly escaped query str...
This SSRF vulnerability in Apache HTTP Server on Windows allows attackers to force the server to make requests to malicious servers, potentially leaking NTLM authentication hashes. It affects Windows ...
An integer overflow in Apache HTTP Server's ACME certificate renewal process causes the backoff timer to reset to zero after approximately 30 days of consecutive renewal failures. This leads to immedi...
This vulnerability allows untrusted clients to trigger a denial of service attack against Apache HTTP Server by causing an assertion failure in the mod_proxy_http2 module. It affects Apache HTTP Serve...
This vulnerability in Apache HTTP Server involves improper memory management where memory is released later than intended after its effective lifetime. This affects Apache HTTP Server versions 2.4.17 ...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows that allows attackers to leak NTLM hashes to malicious servers. The vulnerability occurs when mod...
This HTTP response splitting vulnerability in Apache HTTP Server allows attackers to manipulate Content-Type headers to split HTTP responses, potentially injecting malicious content. It affects Apache...
This vulnerability in Apache HTTP Server on Windows allows attackers to perform Server-Side Request Forgery (SSRF) attacks when mod_rewrite is configured in server or virtual host contexts. Successful...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server's mod_rewrite module. Attackers can exploit unsafe RewriteRules to redirect requests through mod_proxy to ar...
This vulnerability in Apache HTTP Server's mod_proxy module allows attackers to send specially crafted requests with incorrect URL encoding to backend services. This can potentially bypass authenticat...
CVE-2023-38709 is an input validation vulnerability in Apache HTTP Server that allows malicious backend applications or content generators to split HTTP responses, potentially enabling response smuggl...
This vulnerability in nghttp2's HTTP/2 implementation allows memory exhaustion attacks when clients send excessive headers. Attackers can cause denial of service by overwhelming server memory. Affects...
An out-of-bounds read vulnerability in the mod_macro module of Apache HTTP Server allows attackers to read memory beyond allocated buffers. This affects Apache HTTP Server versions through 2.4.57 when...
This HTTP request smuggling vulnerability in Apache HTTP Server's mod_proxy_ajp module allows attackers to bypass security controls and smuggle malicious requests to backend AJP servers. It affects Ap...
CVE-2022-30556 is a buffer overflow vulnerability in Apache HTTP Server's r:wsread() function that can cause memory corruption. It affects Apache HTTP Server versions 2.4.53 and earlier. Attackers cou...
CVE-2022-22719 is a memory corruption vulnerability in Apache HTTP Server where a specially crafted request body can cause the server to read from random memory locations, potentially leading to a den...
This vulnerability in Apache HTTP Server allows attackers to crash the server via NULL pointer dereference or perform Server-Side Request Forgery (SSRF) when the server is configured as a forward prox...
CVE-2021-36160 is an out-of-bounds read vulnerability in Apache HTTP Server's mod_proxy_uwsgi module. A specially crafted URI path can cause the server to read beyond allocated memory boundaries, lead...
CVE-2021-33193 is an HTTP/2 request smuggling vulnerability in Apache HTTP Server's mod_proxy module. Attackers can send specially crafted HTTP/2 requests that bypass validation, potentially leading t...
CVE-2020-13950 is a NULL pointer dereference vulnerability in Apache HTTP Server's mod_proxy_http module that allows remote attackers to cause a denial of service by sending specially crafted HTTP req...
CVE-2021-26690 is a NULL pointer dereference vulnerability in Apache HTTP Server's mod_session module that can be triggered by a specially crafted Cookie header. This causes the server to crash, resul...
This vulnerability allows attackers to manipulate CGI program behavior by injecting malicious environment variables through Apache configuration. It affects Apache HTTP Server versions 2.4.0 through 2...
This vulnerability allows users with htaccess file access to bypass mod_userdir+suexec restrictions via the RequestHeader directive, potentially causing CGI scripts to execute under unintended user ID...
A bug in Apache HTTP Server 2.4.64 causes all RewriteCond expression tests to evaluate as true, potentially allowing attackers to bypass URL rewrite rules and access restricted content. This affects a...