This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apache First view 1996-03-20
Product Http Server Last view 2022-06-09
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:* 131
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:* 130
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:* 130
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:* 130
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:* 130
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:* 129
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:* 129
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:* 129
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:* 127
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:* 127
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:* 126
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:* 125
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:* 125
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:* 125
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:* 123
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:* 122
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* 122
cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:* 120
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:* 120
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:* 119
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* 119
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:* 119
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:* 119
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:* 118
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* 118
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:* 118
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:* 117
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:* 117
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:* 117
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:* 117
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:* 116
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:* 115
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:* 115
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:* 115
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:* 114
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:* 114
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:* 114
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* 114
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:* 113
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* 113
cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:* 113
cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:* 111
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* 110
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:* 110
cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:* 109
cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:* 109
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:* 107
cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:* 106
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:* 106
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:* 106

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2022-06-09 CVE-2022-31813

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

7.5 2022-06-09 CVE-2022-30556

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

7.5 2022-06-09 CVE-2022-30522

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.

7.5 2022-06-09 CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

9.1 2022-06-09 CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

5.3 2022-06-09 CVE-2022-28614

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.

5.3 2022-06-09 CVE-2022-28330

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.

7.5 2022-06-09 CVE-2022-26377

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.

9.8 2022-03-14 CVE-2022-23943

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

9.8 2022-03-14 CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

9.8 2022-03-14 CVE-2022-22720

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

7.5 2022-03-14 CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

9.8 2021-12-20 CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

8.2 2021-12-20 CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

9.8 2021-10-07 CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

7.5 2021-10-05 CVE-2021-41773

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.

7.5 2021-10-05 CVE-2021-41524

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

9 2021-09-16 CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

9.8 2021-09-16 CVE-2021-39275

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5 2021-09-16 CVE-2021-36160

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

7.5 2021-09-16 CVE-2021-34798

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5 2021-08-16 CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

6.1 2021-07-26 CVE-2021-32792

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.

5.9 2021-07-26 CVE-2021-32791

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.

6.1 2021-07-22 CVE-2021-32786

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
10% (17) CWE-399 Resource Management Errors
10% (17) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
10% (16) CWE-20 Improper Input Validation
7% (11) CWE-476 NULL Pointer Dereference
5% (9) CWE-200 Information Exposure
5% (8) CWE-787 Out-of-bounds Write
3% (6) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
3% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
3% (5) CWE-416 Use After Free
3% (5) CWE-264 Permissions, Privileges, and Access Controls
3% (5) CWE-189 Numeric Errors
2% (4) CWE-125 Out-of-bounds Read
2% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (3) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
1% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (3) CWE-362 Race Condition
1% (3) CWE-190 Integer Overflow or Wraparound
1% (2) CWE-770 Allocation of Resources Without Limits or Throttling
1% (2) CWE-384 Session Fixation
1% (2) CWE-345 Insufficient Verification of Data Authenticity
1% (2) CWE-310 Cryptographic Issues
1% (2) CWE-287 Improper Authentication
1% (2) CWE-284 Access Control (Authorization) Issues
1% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-6 Argument Injection
CAPEC-15 Command Delimiters
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-33 HTTP Request Smuggling
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-63 Simple Script Injection
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-73 User-Controlled Filename
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-81 Web Logs Tampering
CAPEC-85 Client Network Footprinting (using AJAX/XSS)
CAPEC-86 Embedding Script (XSS ) in HTTP Headers
CAPEC-88 OS Command Injection
CAPEC-93 Log Injection-Tampering-Forging
CAPEC-100 Overflow Buffers
CAPEC-104 Cross Zone Scripting
CAPEC-105 HTTP Request Splitting
CAPEC-108 Command Line Execution through SQL Injection
CAPEC-123 Buffer Attacks
CAPEC-163 Spear Phishing
CAPEC-198 Cross-Site Scripting in Error Pages

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:4114 Apache Error Log Escape Sequence Injection Vulnerability
oval:org.mitre.oval:def:150 Apache Terminal Escape Sequence Vulnerability
oval:org.mitre.oval:def:100109 Apache Error Log Escape Sequence Filtering Vulnerability
oval:org.mitre.oval:def:151 Apache Terminal Escape Sequence Vulnerability II
oval:org.mitre.oval:def:156 Apache Linefeed Allocation Vulnerability
oval:org.mitre.oval:def:169 Apache Weak Cipher Suite Vulnerability
oval:org.mitre.oval:def:173 Apache prefork MPM Denial of Service
oval:org.mitre.oval:def:183 Apache IPv6 Socket Failure Denial of Service
oval:org.mitre.oval:def:9458 Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite fo...
oval:org.mitre.oval:def:864 Red Hat Enterprise 3 Multiple stack-based BO Vulnerabilities in Apache
oval:org.mitre.oval:def:863 Red Hat Multiple stack-based BO Vulnerabilities in Apache
oval:org.mitre.oval:def:3799 Apache Web Server Multiple Module Local Buffer Overflow
oval:org.mitre.oval:def:4416 Apache mod_digest Nonce Verification Vulnerability
oval:org.mitre.oval:def:100108 Apache Nonce Verification Response Replay Vulnerability
oval:org.mitre.oval:def:4670 Apache Mod_Access Access Control Rule Bypass Vulnerability
oval:org.mitre.oval:def:100111 Apache Allow/Deny Parsing Error
oval:org.mitre.oval:def:9676 Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows r...
oval:org.mitre.oval:def:876 Apache 2 Denial of Service due to Memory Leak in mod_ssl
oval:org.mitre.oval:def:1982 Apache Connection Blocking Denial Of Service Vulnerability
oval:org.mitre.oval:def:100110 Apache Listening Socket Starvation Vulnerability
oval:org.mitre.oval:def:11458 Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_u...
oval:org.mitre.oval:def:4863 Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow
oval:org.mitre.oval:def:100112 Apache mod_proxy Content-Length Header Buffer Overflow
oval:org.mitre.oval:def:10605 The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote at...
oval:org.mitre.oval:def:11561 Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apach...

SAINT Exploits

Description Link
Apache mod_rewrite LDAP URL buffer overflow More info here
Apache HTTP Server path traversal More info here
Apache chunked encoding buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78556 Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Dis...
78555 Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handl...
78293 Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
78079 GoAhead WebServer Partial HTTP Request Parsing Remote DoS
77832 Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint...
77444 Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing ...
77310 Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (201...
77012 Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handlin...
76744 Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handlin...
76079 Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Secur...
75647 Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remot...
75622 Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection
74721 Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
74335 Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
73388 Multiple Vendor libc Implentation fnmatch.c Memory Consumption DoS
73383 Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop...
71961 Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ...
71951 Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes...
70620 mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection
70055 Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi...
69561 IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex...
69032 Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext...
67029 HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla...
66745 Apache HTTP Server Multiple Modules Pathless Request Remote DoS
66315 HP Insight Manager TLS Renegotiation Handshakes MiTM Plaintext Data Injection

ExploitDB Exploits

id Description
18221 Apache HTTP Server Denial of Service
17969 Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
17393 Oracle HTTP Server XSS Header Injection
14288 Write-to-file Shellcode (Win32)
11650 Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
10579 TLS Renegotiation Vulnerability PoC Exploit
9887 jetty 6.x - 7.x xss, information disclosure, injection
3680 Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
2237 Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
855 Apache <= 2.0.52 HTTP GET request Denial of Service Exploit

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-06 Name : Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
File : nvt/gb_apache_mod_proxy_ajp_process_timeout_dos_vuln_win.nasl
2012-12-04 Name : Debian Security Advisory DSA 2579-1 (apache2)
File : nvt/deb_2579_1.nasl
2012-11-26 Name : FreeBSD Ports: apache22
File : nvt/freebsd_apache22.nasl
2012-11-09 Name : Ubuntu Update for apache2 USN-1627-1
File : nvt/gb_ubuntu_USN_1627_1.nasl
2012-10-03 Name : Mandriva Update for apache MDVSA-2012:154-1 (apache)
File : nvt/gb_mandriva_MDVSA_2012_154_1.nasl
2012-09-25 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-133-01 apr/apr-util
File : nvt/esoft_slk_ssa_2011_133_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-145-01 apr/apr-util
File : nvt/esoft_slk_ssa_2011_145_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-252-01 httpd
File : nvt/esoft_slk_ssa_2011_252_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-284-01 httpd
File : nvt/esoft_slk_ssa_2011_284_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2012-041-01 httpd
File : nvt/esoft_slk_ssa_2012_041_01.nasl
2012-08-10 Name : FreeBSD Ports: apache
File : nvt/freebsd_apache21.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS)
File : nvt/glsa_201206_18.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-25 (apache)
File : nvt/glsa_201206_25.nasl
2012-08-02 Name : SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
File : nvt/gb_suse_2012_0314_1.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0507 centos4 x86_64
File : nvt/gb_CESA-2011_0507_apr_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0507 centos5 x86_64
File : nvt/gb_CESA-2011_0507_apr_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0844 centos4 x86_64
File : nvt/gb_CESA-2011_0844_apr_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0844 centos5 x86_64
File : nvt/gb_CESA-2011_0844_apr_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2011:1245 centos4 x86_64
File : nvt/gb_CESA-2011_1245_httpd_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2011:1392 centos4 x86_64
File : nvt/gb_CESA-2011_1392_httpd_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2011:1392 centos5 x86_64
File : nvt/gb_CESA-2011_1392_httpd_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2012:0128 centos6
File : nvt/gb_CESA-2012_0128_httpd_centos6.nasl
2012-07-09 Name : RedHat Update for httpd RHSA-2011:1391-01
File : nvt/gb_RHSA-2011_1391-01_httpd.nasl
2012-07-09 Name : RedHat Update for httpd RHSA-2012:0128-01
File : nvt/gb_RHSA-2012_0128-01_httpd.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0174 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0061135
2015-A-0149 Multiple Vulnerabilities in Juniper Networks and Security Manager(NSM) Appliance
Severity: Category I - VMSKEY: V0061101
2015-B-0083 Multiple Vulnerabilities in IBM Storwize V7000 Unified
Severity: Category I - VMSKEY: V0060983
2014-A-0172 Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity: Category I - VMSKEY: V0057381
2014-A-0114 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0053307
2014-A-0084 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0052631
2014-B-0065 Multiple Vulnerabilities in IBM WebSphere Application Server
Severity: Category I - VMSKEY: V0051617
2014-A-0030 Apple Mac OS X Security Update 2014-001
Severity: Category I - VMSKEY: V0044547
2014-A-0009 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0043395
2013-A-0177 Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity: Category I - VMSKEY: V0040288
2013-A-0146 Multiple Security Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0039573
2012-B-0048 Multiple Vulnerabilities in HP Systems Insight Manager
Severity: Category I - VMSKEY: V0032178
2012-B-0038 Multiple Vulnerabilities in HP Onboard Administrator
Severity: Category I - VMSKEY: V0031972
2011-B-0060 Apache Portable Runtime Denial of Service Vulnerability
Severity: Category II - VMSKEY: V0027639
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 .cmd? access
RuleID : 9791 - Type : SERVER-WEBAPP - Revision : 8
2014-01-10 .bat? access
RuleID : 976-community - Type : SERVER-WEBAPP - Revision : 21
2014-01-10 .bat? access
RuleID : 976 - Type : SERVER-WEBAPP - Revision : 21
2014-01-10 phf access
RuleID : 886-community - Type : SERVER-WEBAPP - Revision : 28
2014-01-10 phf access
RuleID : 886 - Type : SERVER-WEBAPP - Revision : 28
2014-01-10 scriptalias access
RuleID : 873 - Type : WEB-CGI - Revision : 10
2014-01-10 test-cgi access
RuleID : 835-community - Type : SERVER-WEBAPP - Revision : 26
2014-01-10 test-cgi access
RuleID : 835 - Type : SERVER-WEBAPP - Revision : 26
2014-01-10 nph-test-cgi access
RuleID : 829-community - Type : SERVER-WEBAPP - Revision : 24
2014-01-10 nph-test-cgi access
RuleID : 829 - Type : SERVER-WEBAPP - Revision : 24
2014-01-10 Apache malformed ipv6 uri overflow attempt
RuleID : 5715 - Type : SERVER-APACHE - Revision : 11
2021-01-12 Apache Server mod_proxy Error Page cross site scripting attempt
RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1
2020-01-21 Apache httpd mod_remoteip heap buffer overflow attempt
RuleID : 52494 - Type : SERVER-APACHE - Revision : 1
2019-10-17 Apache cookie logging denial of service attempt
RuleID : 51547 - Type : SERVER-APACHE - Revision : 1
2019-09-05 Apache 2 mod_ssl Connection Abort denial of service attempt
RuleID : 50883 - Type : SERVER-APACHE - Revision : 1
2018-06-05 HTTP request smuggling attempt
RuleID : 46495 - Type : SERVER-OTHER - Revision : 4
2018-05-24 Apache mod_http2 NULL pointer dereference attempt
RuleID : 46428 - Type : SERVER-APACHE - Revision : 4
2018-02-03 Apache SSI error page cross-site scripting attempt
RuleID : 45307 - Type : SERVER-APACHE - Revision : 2
2017-12-13 Apache HTTP Server possible mod_dav.c remote denial of service vulnerability ...
RuleID : 44808 - Type : INDICATOR-COMPROMISE - Revision : 2
2017-10-26 Apache HTTP Server possible OPTIONS method memory leak attempt
RuleID : 44434 - Type : SERVER-APACHE - Revision : 6
2017-08-31 Apache mod_auth_digest out of bounds read attempt
RuleID : 43790 - Type : SERVER-OTHER - Revision : 3
2017-08-17 Apache httpd ap_find_token buffer overread attempt
RuleID : 43587 - Type : SERVER-WEBAPP - Revision : 5
2017-08-15 httpd mod_mime content-type buffer overflow attempt
RuleID : 43547 - Type : SERVER-APACHE - Revision : 2
2017-05-09 Apache mod_session_crypto padding oracle brute force attempt
RuleID : 42133 - Type : SERVER-APACHE - Revision : 4
2017-03-28 Apache HTTP Server mod_http2 denial of service attempt
RuleID : 41688 - Type : SERVER-APACHE - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-49d3b42425.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6744ca470d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6ffb18592f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9cdbb641f9.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-eec13e2e8d.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1104.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1721.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2972.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1104.nasl - Type: ACT_GATHER_INFO
2018-10-22 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bb9d24c82d.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote web server is affected by a denial of service vulnerability.
File: apache_2_4_35.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e182c076c18911e8a6d2b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-09-11 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0089.nasl - Type: ACT_GATHER_INFO
2018-09-05 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0181.nasl - Type: ACT_GATHER_INFO
2018-08-24 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-08-24 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0013.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0027.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0126.nasl - Type: ACT_GATHER_INFO
2018-08-16 Name: The remote web server is affected by multiple vulnerabilities.
File: apache_2_4_34.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c3dc008c54.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0037.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0039.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-199-01.nasl - Type: ACT_GATHER_INFO