This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apache First view 1996-03-20
Product Http Server Last view 2020-04-02
Version Type
Update  
Edition  
Language  
Software Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:* 93
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:* 92
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:* 92
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:* 92
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:* 92
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:* 91
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:* 91
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:* 91
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:* 89
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:* 89
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:* 89
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:* 87
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:* 87
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:* 87
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:* 86
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:* 85
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* 83
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:* 82
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:* 81
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:* 81
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* 81
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* 80
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:* 80
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:* 80
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:* 79
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:* 79
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:* 79
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:* 79
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* 79
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* 78
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:* 78
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:* 78
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* 78
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* 77
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:* 76
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:* 76
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:* 76
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:* 76
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:* 75
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:* 75
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:* 75
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:* 75
cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:* 73
cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:* 73
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:* 72
cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:* 72
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:* 71
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* 71
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:* 71
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:* 70

Related : CVE

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.1 2020-04-02 CVE-2020-1927

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

5.3 2020-04-01 CVE-2020-1934

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

6.1 2020-01-15 CVE-2020-2530

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

7.2 2019-09-26 CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

6.1 2019-09-26 CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

9.1 2019-09-26 CVE-2019-10082

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

6.1 2019-09-25 CVE-2019-10098

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

7.5 2019-08-15 CVE-2019-10081

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.

5.3 2019-06-11 CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the server's processing will implicitly collapse them.

4.2 2019-06-11 CVE-2019-0197

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Servers that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.

5.3 2019-06-11 CVE-2019-0196

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.

7.5 2019-04-08 CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

7.5 2019-04-08 CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.

7.8 2019-04-08 CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

7.5 2019-01-30 CVE-2019-0190

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.

7.5 2019-01-30 CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

5.3 2019-01-30 CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

5.9 2018-09-25 CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

6.1 2018-08-14 CVE-2016-4975

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

6.5 2018-07-26 CVE-2017-12171

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.

7.5 2018-07-18 CVE-2018-8011

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).

7.5 2018-06-18 CVE-2018-1333

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).

9.8 2018-03-26 CVE-2018-1312

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

7.5 2018-03-26 CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.

5.9 2018-03-26 CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

CWE : Common Weakness Enumeration

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
% id Name
17% (21) CWE-399 Resource Management Errors
16% (20) CWE-20 Improper Input Validation
13% (16) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
6% (8) CWE-264 Permissions, Privileges, and Access Controls
6% (8) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5% (7) CWE-200 Information Exposure
4% (5) CWE-476 NULL Pointer Dereference
4% (5) CWE-189 Numeric Errors
3% (4) CWE-416 Use After Free
2% (3) CWE-362 Race Condition
2% (3) CWE-310 Cryptographic Issues
2% (3) CWE-287 Improper Authentication
2% (3) CWE-284 Access Control (Authorization) Issues
1% (2) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
1% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (1) CWE-787 Out-of-bounds Write
0% (1) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
0% (1) CWE-384 Session Fixation
0% (1) CWE-352 Cross-Site Request Forgery (CSRF)
0% (1) CWE-125 Out-of-bounds Read
0% (1) CWE-93 Failure to Sanitize CRLF Sequences ('CRLF Injection')
0% (1) CWE-19 Data Handling
0% (1) CWE-17 Code

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-6 Argument Injection
CAPEC-15 Command Delimiters
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-33 HTTP Request Smuggling
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-63 Simple Script Injection
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-73 User-Controlled Filename
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-81 Web Logs Tampering
CAPEC-85 Client Network Footprinting (using AJAX/XSS)
CAPEC-86 Embedding Script (XSS) in HTTP Headers
CAPEC-88 OS Command Injection
CAPEC-93 Log Injection-Tampering-Forging
CAPEC-100 Overflow Buffers
CAPEC-104 Cross Zone Scripting
CAPEC-105 HTTP Request Splitting
CAPEC-108 Command Line Execution through SQL Injection
CAPEC-123 Buffer Attacks
CAPEC-163 Spear Phishing
CAPEC-198 Cross-Site Scripting in Error Pages

Oval Markup Language : Definitions

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:4114 Apache Error Log Escape Sequence Injection Vulnerability
oval:org.mitre.oval:def:150 Apache Terminal Escape Sequence Vulnerability
oval:org.mitre.oval:def:100109 Apache Error Log Escape Sequence Filtering Vulnerability
oval:org.mitre.oval:def:151 Apache Terminal Escape Sequence Vulnerability II
oval:org.mitre.oval:def:156 Apache Linefeed Allocation Vulnerability
oval:org.mitre.oval:def:169 Apache Weak Cipher Suite Vulnerability
oval:org.mitre.oval:def:173 Apache prefork MPM Denial of Service
oval:org.mitre.oval:def:183 Apache IPv6 Socket Failure Denial of Service
oval:org.mitre.oval:def:9458 Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite fo...
oval:org.mitre.oval:def:864 Red Hat Enterprise 3 Multiple stack-based BO Vulnerabilities in Apache
oval:org.mitre.oval:def:863 Red Hat Multiple stack-based BO Vulnerabilities in Apache
oval:org.mitre.oval:def:3799 Apache Web Server Multiple Module Local Buffer Overflow
oval:org.mitre.oval:def:4416 Apache mod_digest Nonce Verification Vulnerability
oval:org.mitre.oval:def:100108 Apache Nonce Verification Response Replay Vulnerability
oval:org.mitre.oval:def:4670 Apache Mod_Access Access Control Rule Bypass Vulnerability
oval:org.mitre.oval:def:100111 Apache Allow/Deny Parsing Error
oval:org.mitre.oval:def:9676 Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows r...
oval:org.mitre.oval:def:876 Apache 2 Denial of Service due to Memory Leak in mod_ssl
oval:org.mitre.oval:def:1982 Apache Connection Blocking Denial Of Service Vulnerability
oval:org.mitre.oval:def:100110 Apache Listening Socket Starvation Vulnerability
oval:org.mitre.oval:def:11458 Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_u...
oval:org.mitre.oval:def:4863 Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow
oval:org.mitre.oval:def:100112 Apache mod_proxy Content-Length Header Buffer Overflow
oval:org.mitre.oval:def:10605 The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote at...
oval:org.mitre.oval:def:11561 Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apach...

SAINT Exploits

Description
Apache mod_rewrite LDAP URL buffer overflow
Apache chunked encoding buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78556 Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Dis...
78555 Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handl...
78293 Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
78079 GoAhead WebServer Partial HTTP Request Parsing Remote DoS
77832 Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint...
77444 Apache HTTP Server mod_proxy Module Web Request HTTP/0.9 Protocol URL Parsing ...
77310 Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (201...
77012 Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handlin...
76744 Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handlin...
76079 Apache HTTP Server mod_proxy Module Web Request URL Parsing Proxy Remote Secur...
75647 Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remot...
75622 Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection
74721 Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
74335 Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
73388 Multiple Vendor libc Implementation fnmatch.c Memory Consumption DoS
73383 Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop...
73246 Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
73245 Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
71961 Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ...
71951 Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes...
70620 mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection
70055 Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi...
69561 IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex...
69032 Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext...
67029 HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla...

ExploitDB Exploits

id Description
18221 Apache HTTP Server Denial of Service
17969 Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
17393 Oracle HTTP Server XSS Header Injection
14288 Write-to-file Shellcode (Win32)
11650 Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
10579 TLS Renegotiation Vulnerability PoC Exploit
9887 jetty 6.x - 7.x xss, information disclosure, injection
3680 Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
2237 Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
855 Apache <= 2.0.52 HTTP GET request Denial of Service Exploit

OpenVAS Exploits

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-06 Name : Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
File : nvt/gb_apache_mod_proxy_ajp_process_timeout_dos_vuln_win.nasl
2012-12-04 Name : Debian Security Advisory DSA 2579-1 (apache2)
File : nvt/deb_2579_1.nasl
2012-11-26 Name : FreeBSD Ports: apache22
File : nvt/freebsd_apache22.nasl
2012-11-09 Name : Ubuntu Update for apache2 USN-1627-1
File : nvt/gb_ubuntu_USN_1627_1.nasl
2012-10-03 Name : Mandriva Update for apache MDVSA-2012:154-1 (apache)
File : nvt/gb_mandriva_MDVSA_2012_154_1.nasl
2012-09-25 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-133-01 apr/apr-util
File : nvt/esoft_slk_ssa_2011_133_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-145-01 apr/apr-util
File : nvt/esoft_slk_ssa_2011_145_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-252-01 httpd
File : nvt/esoft_slk_ssa_2011_252_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-284-01 httpd
File : nvt/esoft_slk_ssa_2011_284_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2012-041-01 httpd
File : nvt/esoft_slk_ssa_2012_041_01.nasl
2012-08-10 Name : FreeBSD Ports: apache
File : nvt/freebsd_apache21.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS)
File : nvt/glsa_201206_18.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-25 (apache)
File : nvt/glsa_201206_25.nasl
2012-08-02 Name : SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
File : nvt/gb_suse_2012_0314_1.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0507 centos4 x86_64
File : nvt/gb_CESA-2011_0507_apr_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0507 centos5 x86_64
File : nvt/gb_CESA-2011_0507_apr_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0844 centos4 x86_64
File : nvt/gb_CESA-2011_0844_apr_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0844 centos5 x86_64
File : nvt/gb_CESA-2011_0844_apr_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for mod_dav_svn CESA-2011:0861 centos4 x86_64
File : nvt/gb_CESA-2011_0861_mod_dav_svn_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for mod_dav_svn CESA-2011:0862 centos5 x86_64
File : nvt/gb_CESA-2011_0862_mod_dav_svn_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2011:1245 centos4 x86_64
File : nvt/gb_CESA-2011_1245_httpd_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2011:1392 centos4 x86_64
File : nvt/gb_CESA-2011_1392_httpd_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2011:1392 centos5 x86_64
File : nvt/gb_CESA-2011_1392_httpd_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2012:0128 centos6
File : nvt/gb_CESA-2012_0128_httpd_centos6.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0174 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0061135
2015-A-0149 Multiple Vulnerabilities in Juniper Networks and Security Manager(NSM) Appliance
Severity: Category I - VMSKEY: V0061101
2015-B-0083 Multiple Vulnerabilities in IBM Storwize V7000 Unified
Severity: Category I - VMSKEY: V0060983
2014-A-0172 Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity: Category I - VMSKEY: V0057381
2014-A-0114 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0053307
2014-A-0084 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0052631
2014-B-0065 Multiple Vulnerabilities in IBM WebSphere Application Server
Severity: Category I - VMSKEY: V0051617
2014-A-0030 Apple Mac OS X Security Update 2014-001
Severity: Category I - VMSKEY: V0044547
2014-A-0009 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0043395
2013-A-0177 Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity: Category I - VMSKEY: V0040288
2013-A-0146 Multiple Security Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0039573
2012-B-0048 Multiple Vulnerabilities in HP Systems Insight Manager
Severity: Category I - VMSKEY: V0032178
2012-B-0038 Multiple Vulnerabilities in HP Onboard Administrator
Severity: Category I - VMSKEY: V0031972
2011-B-0060 Apache Portable Runtime Denial of Service Vulnerability
Severity: Category II - VMSKEY: V0027639
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158

Snort® IPS/IDS

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 .cmd? access
RuleID : 9791 - Type : SERVER-WEBAPP - Revision : 8
2014-01-10 .bat? access
RuleID : 976-community - Type : SERVER-WEBAPP - Revision : 21
2014-01-10 .bat? access
RuleID : 976 - Type : SERVER-WEBAPP - Revision : 21
2014-01-10 phf access
RuleID : 886-community - Type : SERVER-WEBAPP - Revision : 28
2014-01-10 phf access
RuleID : 886 - Type : SERVER-WEBAPP - Revision : 28
2014-01-10 scriptalias access
RuleID : 873 - Type : WEB-CGI - Revision : 10
2014-01-10 test-cgi access
RuleID : 835-community - Type : SERVER-WEBAPP - Revision : 26
2014-01-10 test-cgi access
RuleID : 835 - Type : SERVER-WEBAPP - Revision : 26
2014-01-10 nph-test-cgi access
RuleID : 829-community - Type : SERVER-WEBAPP - Revision : 24
2014-01-10 nph-test-cgi access
RuleID : 829 - Type : SERVER-WEBAPP - Revision : 24
2014-01-10 Apache malformed ipv6 uri overflow attempt
RuleID : 5715 - Type : SERVER-APACHE - Revision : 11
2020-01-21 Apache httpd mod_remoteip heap buffer overflow attempt
RuleID : 52494 - Type : SERVER-APACHE - Revision : 1
2019-10-17 Apache cookie logging denial of service attempt
RuleID : 51547 - Type : SERVER-APACHE - Revision : 1
2019-09-05 Apache 2 mod_ssl Connection Abort denial of service attempt
RuleID : 50883 - Type : SERVER-APACHE - Revision : 1
2018-06-05 HTTP request smuggling attempt
RuleID : 46495 - Type : SERVER-OTHER - Revision : 4
2018-05-24 Apache mod_http2 NULL pointer dereference attempt
RuleID : 46428 - Type : SERVER-APACHE - Revision : 4
2018-02-03 Apache SSI error page cross-site scripting attempt
RuleID : 45307 - Type : SERVER-APACHE - Revision : 2
2017-12-13 Apache HTTP Server possible mod_dav.c remote denial of service vulnerability ...
RuleID : 44808 - Type : INDICATOR-COMPROMISE - Revision : 2
2017-10-26 Apache HTTP Server possible OPTIONS method memory leak attempt
RuleID : 44434 - Type : SERVER-APACHE - Revision : 6
2017-08-31 Apache mod_auth_digest out of bounds read attempt
RuleID : 43790 - Type : SERVER-OTHER - Revision : 2
2017-08-17 Multiple products HTTP connection header overflow attempt
RuleID : 43587 - Type : SERVER-WEBAPP - Revision : 4
2017-08-15 httpd mod_mime content-type buffer overflow attempt
RuleID : 43547 - Type : SERVER-APACHE - Revision : 2
2017-05-09 Apache mod_session_crypto padding oracle brute force attempt
RuleID : 42133 - Type : SERVER-APACHE - Revision : 4
2017-03-28 Apache HTTP Server mod_http2 denial of service attempt
RuleID : 41688 - Type : SERVER-APACHE - Revision : 2
2016-07-28 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-49d3b42425.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6744ca470d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6ffb18592f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9cdbb641f9.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-eec13e2e8d.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1104.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1721.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2972.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1104.nasl - Type: ACT_GATHER_INFO
2018-10-22 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bb9d24c82d.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote web server is affected by a denial of service vulnerability.
File: apache_2_4_35.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e182c076c18911e8a6d2b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-09-11 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0089.nasl - Type: ACT_GATHER_INFO
2018-09-05 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0181.nasl - Type: ACT_GATHER_INFO
2018-08-24 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-08-24 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0013.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0027.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0126.nasl - Type: ACT_GATHER_INFO
2018-08-16 Name: The remote web server is affected by multiple vulnerabilities.
File: apache_2_4_34.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c3dc008c54.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0037.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0039.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-199-01.nasl - Type: ACT_GATHER_INFO