Exposição de Apache HTTP Server

Web servers

536

score de exposição

1.583.700

sites usam

5

em exploração

16

críticos

CVEs

169 resultados

CVE-2021-26691—Apache HTTP Server mod_session response handling heap overflowEPSS 68.1%CVE-2024-38472HIGHApache HTTP Server on WIndows UNC SSRFEPSS 68.0%CVE-2021-26690—mod_session NULL pointer dereferenceEPSS 65.1%CVE-2021-34798—NULL pointer dereference in httpd coreEPSS 64.5%CVE-2021-36160—mod_proxy_uwsgi out of bound readEPSS 62.9%CVE-2019-17567—mod_proxy_wstunnel tunneling of non Upgraded connectionsEPSS 60.3%CVE-2019-0190—A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modEPSS 59.9%CVE-2020-11993—Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logginEPSS 58.7%CVE-2022-37436MEDIUMApache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splittingEPSS 57.9%CVE-2017-7668—The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token()EPSS 57.5%CVE-2017-9788—In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initiEPSS 56.8%CVE-2020-1927—In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by enEPSS 56.7%CVE-2017-7659—A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash EPSS 53.9%CVE-2020-35452—mod_auth_digest possible stack overflow by one nul byteEPSS 53.2%CVE-2019-10097—In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol,EPSS 52.9%CVE-2021-30641—Unexpected URL matching with 'MergeSlashes OFF'EPSS 52.3%CVE-2020-1934—In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.EPSS 52.0%CVE-2018-8011—mod_md, DoS via Coredumps on specially crafted requestsEPSS 51.7%CVE-2021-31618—NULL pointer dereference on specially crafted HTTP/2 requestEPSS 51.2%CVE-2018-11763—In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPUEPSS 51.0%

← anteriorpágina 2 / 9próxima →

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →