| 1 | 7.5 | - | HIGH | Network | An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resou… | CWE-400 Uncontrolled Resource Consumption | CVE-2023-43622 | cpe:2.3:a:apache:http_server:*:* | 2.4.55 | | | 2.4.58 | 2023-11-2 03:11 | 2023-10-23 |
| 2 | 5.9 | - | MEDIUM | Network | When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection c… | CWE-400 Uncontrolled Resource Consumption | CVE-2023-45802 | cpe:2.3:a:apache:http_server:*:* | | | | 2.4.58 | 2023-11-7 14:15 | 2023-10-23 |
| 3 | 7.5 | - | HIGH | Network | Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. | CWE-125 Out-of-bounds Read | CVE-2023-31122 | cpe:2.3:a:apache:http_server:*:* | | 2.4.57 | | | 2023-11-7 14:15 | 2023-10-23 |
| 4 | 7.5 | - | HIGH | Network | HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header c… | CWE-444 HTTP Request Smuggling | CVE-2023-27522 | cpe:2.3:a:apache:http_server:*:* | 2.4.30 | 2.4.55 | | | 2023-09-9 07:15 | 2023-03-8 |
| 5 | 9.8 | - | CRITICAL | Network | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form… | CWE-444 HTTP Request Smuggling | CVE-2023-25690 | cpe:2.3:a:apache:http_server:*:* | 2.4.0 | 2.4.55 | | | 2024-01-3 01:15 | 2023-03-8 |
| 6 | 5.3 | - | MEDIUM | Network | Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers… | CWE-113 HTTP Response Splitting | CVE-2022-37436 | cpe:2.3:a:apache:http_server:*:* | | | | 2.4.55 | 2023-09-9 07:15 | 2023-01-18 |
| 7 | 9.0 | - | CRITICAL | Network | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reque… | CWE-444 HTTP Request Smuggling | CVE-2022-36760 | cpe:2.3:a:apache:http_server:*:* | 2.4.0 | | | 2.4.55 | 2023-09-9 07:15 | 2023-01-18 |
| 8 | 7.5 | - | HIGH | Network | A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. … | CWE-787 Out-of-bounds Write | CVE-2006-20001 | cpe:2.3:a:apache:http_server:*:* | | | | 2.4.55 | 2023-09-9 07:15 | 2023-01-18 |
| 9 | 5.3 | 5.0 | MEDIUM | Network | Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. | CWE-125 Out-of-bounds Read | CVE-2022-28330 | cpe:2.3:a:apache:http_server:*:* | | 2.4.53 | | | 2022-06-25 01:15 | 2022-06-10 |
| 10 | 9.8 | 7.5 | CRITICAL | Network | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based auth… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2022-31813 | cpe:2.3:a:apache:http_server:*:* | | 2.4.53 | | | 2023-11-7 12:47 | 2022-06-10 |