This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apache First view 1996-03-20
Product Http Server Last view 2021-10-07
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:* 117
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:* 116
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:* 116
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:* 116
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:* 116
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:* 115
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:* 115
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:* 115
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:* 113
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:* 113
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:* 112
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:* 111
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:* 111
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:* 111
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:* 109
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:* 108
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* 108
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:* 106
cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:* 105
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:* 105
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:* 105
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:* 105
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* 105
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:* 104
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:* 104
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* 104
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:* 103
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:* 103
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:* 103
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:* 103
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:* 102
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:* 101
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:* 101
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:* 101
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:* 100
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:* 100
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:* 100
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* 100
cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:* 99
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:* 99
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* 98
cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:* 97
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* 96
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:* 96
cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:* 95
cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:* 95
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:* 92
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:* 92
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:* 92
cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:* 92

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2021-10-07 CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

7.5 2021-10-05 CVE-2021-41773

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.

7.5 2021-10-05 CVE-2021-41524

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

9 2021-09-16 CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

9.8 2021-09-16 CVE-2021-39275

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5 2021-09-16 CVE-2021-36160

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

7.5 2021-09-16 CVE-2021-34798

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5 2021-08-16 CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

6.1 2021-07-26 CVE-2021-32792

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.

5.9 2021-07-26 CVE-2021-32791

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.

6.1 2021-07-22 CVE-2021-32786

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression.

7.5 2021-07-22 CVE-2021-32785

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled.

7.5 2021-06-15 CVE-2021-31618

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.

5.3 2021-06-10 CVE-2021-30641

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'

9.8 2021-06-10 CVE-2021-26691

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow

7.5 2021-06-10 CVE-2021-26690

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

7.3 2021-06-10 CVE-2020-35452

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow

7.5 2021-06-10 CVE-2020-13950

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

5.5 2021-06-10 CVE-2020-13938

Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows

5.3 2021-06-10 CVE-2019-17567

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

7.5 2020-08-07 CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

7.5 2020-08-07 CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

5.3 2020-08-07 CVE-2020-11985

IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.

9.8 2020-08-07 CVE-2020-11984

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

6.1 2020-04-02 CVE-2020-1927

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
11% (17) CWE-399 Resource Management Errors
11% (17) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
11% (17) CWE-20 Improper Input Validation
7% (10) CWE-476 NULL Pointer Dereference
5% (8) CWE-200 Information Exposure
4% (6) CWE-264 Permissions, Privileges, and Access Controls
4% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
3% (5) CWE-787 Out-of-bounds Write
3% (5) CWE-416 Use After Free
3% (5) CWE-189 Numeric Errors
2% (4) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
2% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (3) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
2% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (3) CWE-362 Race Condition
2% (3) CWE-310 Cryptographic Issues
2% (3) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (2) CWE-384 Session Fixation
1% (2) CWE-287 Improper Authentication
1% (2) CWE-284 Access Control (Authorization) Issues
1% (2) CWE-125 Out-of-bounds Read
1% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
0% (1) CWE-772 Missing Release of Resource after Effective Lifetime
0% (1) CWE-706 Use of Incorrectly-Resolved Name or Reference
0% (1) CWE-532 Information Leak Through Log Files

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-6 Argument Injection
CAPEC-15 Command Delimiters
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-33 HTTP Request Smuggling
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-63 Simple Script Injection
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-73 User-Controlled Filename
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-81 Web Logs Tampering
CAPEC-85 Client Network Footprinting (using AJAX/XSS)
CAPEC-86 Embedding Script (XSS ) in HTTP Headers
CAPEC-88 OS Command Injection
CAPEC-93 Log Injection-Tampering-Forging
CAPEC-100 Overflow Buffers
CAPEC-104 Cross Zone Scripting
CAPEC-105 HTTP Request Splitting
CAPEC-108 Command Line Execution through SQL Injection
CAPEC-123 Buffer Attacks
CAPEC-163 Spear Phishing
CAPEC-198 Cross-Site Scripting in Error Pages

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:4114 Apache Error Log Escape Sequence Injection Vulnerability
oval:org.mitre.oval:def:150 Apache Terminal Escape Sequence Vulnerability
oval:org.mitre.oval:def:100109 Apache Error Log Escape Sequence Filtering Vulnerability
oval:org.mitre.oval:def:151 Apache Terminal Escape Sequence Vulnerability II
oval:org.mitre.oval:def:156 Apache Linefeed Allocation Vulnerability
oval:org.mitre.oval:def:169 Apache Weak Cipher Suite Vulnerability
oval:org.mitre.oval:def:173 Apache prefork MPM Denial of Service
oval:org.mitre.oval:def:183 Apache IPv6 Socket Failure Denial of Service
oval:org.mitre.oval:def:9458 Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite fo...
oval:org.mitre.oval:def:864 Red Hat Enterprise 3 Multiple stack-based BO Vulnerabilities in Apache
oval:org.mitre.oval:def:863 Red Hat Multiple stack-based BO Vulnerabilities in Apache
oval:org.mitre.oval:def:3799 Apache Web Server Multiple Module Local Buffer Overflow
oval:org.mitre.oval:def:4416 Apache mod_digest Nonce Verification Vulnerability
oval:org.mitre.oval:def:100108 Apache Nonce Verification Response Replay Vulnerability
oval:org.mitre.oval:def:4670 Apache Mod_Access Access Control Rule Bypass Vulnerability
oval:org.mitre.oval:def:100111 Apache Allow/Deny Parsing Error
oval:org.mitre.oval:def:9676 Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows r...
oval:org.mitre.oval:def:876 Apache 2 Denial of Service due to Memory Leak in mod_ssl
oval:org.mitre.oval:def:1982 Apache Connection Blocking Denial Of Service Vulnerability
oval:org.mitre.oval:def:100110 Apache Listening Socket Starvation Vulnerability
oval:org.mitre.oval:def:11458 Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_u...
oval:org.mitre.oval:def:4863 Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow
oval:org.mitre.oval:def:100112 Apache mod_proxy Content-Length Header Buffer Overflow
oval:org.mitre.oval:def:10605 The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote at...
oval:org.mitre.oval:def:11561 Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apach...

SAINT Exploits

Description Link
Apache mod_rewrite LDAP URL buffer overflow More info here
Apache HTTP Server path traversal More info here
Apache chunked encoding buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78556 Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Dis...
78555 Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handl...
78293 Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
78079 GoAhead WebServer Partial HTTP Request Parsing Remote DoS
77832 Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint...
77444 Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing ...
77310 Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (201...
77012 Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handlin...
76744 Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handlin...
76079 Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Secur...
75647 Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remot...
75622 Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection
74721 Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
74335 Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
73388 Multiple Vendor libc Implentation fnmatch.c Memory Consumption DoS
73383 Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop...
71961 Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ...
71951 Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes...
70620 mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection
70055 Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi...
69561 IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex...
69032 Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext...
67029 HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla...
66745 Apache HTTP Server Multiple Modules Pathless Request Remote DoS
66315 HP Insight Manager TLS Renegotiation Handshakes MiTM Plaintext Data Injection

ExploitDB Exploits

id Description
18221 Apache HTTP Server Denial of Service
17969 Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
17393 Oracle HTTP Server XSS Header Injection
14288 Write-to-file Shellcode (Win32)
11650 Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
10579 TLS Renegotiation Vulnerability PoC Exploit
9887 jetty 6.x - 7.x xss, information disclosure, injection
3680 Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
2237 Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
855 Apache <= 2.0.52 HTTP GET request Denial of Service Exploit

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-06 Name : Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
File : nvt/gb_apache_mod_proxy_ajp_process_timeout_dos_vuln_win.nasl
2012-12-04 Name : Debian Security Advisory DSA 2579-1 (apache2)
File : nvt/deb_2579_1.nasl
2012-11-26 Name : FreeBSD Ports: apache22
File : nvt/freebsd_apache22.nasl
2012-11-09 Name : Ubuntu Update for apache2 USN-1627-1
File : nvt/gb_ubuntu_USN_1627_1.nasl
2012-10-03 Name : Mandriva Update for apache MDVSA-2012:154-1 (apache)
File : nvt/gb_mandriva_MDVSA_2012_154_1.nasl
2012-09-25 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-133-01 apr/apr-util
File : nvt/esoft_slk_ssa_2011_133_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-145-01 apr/apr-util
File : nvt/esoft_slk_ssa_2011_145_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-252-01 httpd
File : nvt/esoft_slk_ssa_2011_252_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-284-01 httpd
File : nvt/esoft_slk_ssa_2011_284_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2012-041-01 httpd
File : nvt/esoft_slk_ssa_2012_041_01.nasl
2012-08-10 Name : FreeBSD Ports: apache
File : nvt/freebsd_apache21.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS)
File : nvt/glsa_201206_18.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-25 (apache)
File : nvt/glsa_201206_25.nasl
2012-08-02 Name : SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
File : nvt/gb_suse_2012_0314_1.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0507 centos4 x86_64
File : nvt/gb_CESA-2011_0507_apr_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0507 centos5 x86_64
File : nvt/gb_CESA-2011_0507_apr_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0844 centos4 x86_64
File : nvt/gb_CESA-2011_0844_apr_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0844 centos5 x86_64
File : nvt/gb_CESA-2011_0844_apr_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2011:1245 centos4 x86_64
File : nvt/gb_CESA-2011_1245_httpd_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2011:1392 centos4 x86_64
File : nvt/gb_CESA-2011_1392_httpd_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2011:1392 centos5 x86_64
File : nvt/gb_CESA-2011_1392_httpd_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2012:0128 centos6
File : nvt/gb_CESA-2012_0128_httpd_centos6.nasl
2012-07-09 Name : RedHat Update for httpd RHSA-2011:1391-01
File : nvt/gb_RHSA-2011_1391-01_httpd.nasl
2012-07-09 Name : RedHat Update for httpd RHSA-2012:0128-01
File : nvt/gb_RHSA-2012_0128-01_httpd.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0174 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0061135
2015-A-0149 Multiple Vulnerabilities in Juniper Networks and Security Manager(NSM) Appliance
Severity: Category I - VMSKEY: V0061101
2015-B-0083 Multiple Vulnerabilities in IBM Storwize V7000 Unified
Severity: Category I - VMSKEY: V0060983
2014-A-0172 Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity: Category I - VMSKEY: V0057381
2014-A-0114 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0053307
2014-A-0084 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0052631
2014-B-0065 Multiple Vulnerabilities in IBM WebSphere Application Server
Severity: Category I - VMSKEY: V0051617
2014-A-0030 Apple Mac OS X Security Update 2014-001
Severity: Category I - VMSKEY: V0044547
2014-A-0009 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0043395
2013-A-0177 Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity: Category I - VMSKEY: V0040288
2013-A-0146 Multiple Security Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0039573
2012-B-0048 Multiple Vulnerabilities in HP Systems Insight Manager
Severity: Category I - VMSKEY: V0032178
2012-B-0038 Multiple Vulnerabilities in HP Onboard Administrator
Severity: Category I - VMSKEY: V0031972
2011-B-0060 Apache Portable Runtime Denial of Service Vulnerability
Severity: Category II - VMSKEY: V0027639
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 .cmd? access
RuleID : 9791 - Type : SERVER-WEBAPP - Revision : 8
2014-01-10 .bat? access
RuleID : 976-community - Type : SERVER-WEBAPP - Revision : 21
2014-01-10 .bat? access
RuleID : 976 - Type : SERVER-WEBAPP - Revision : 21
2014-01-10 phf access
RuleID : 886-community - Type : SERVER-WEBAPP - Revision : 28
2014-01-10 phf access
RuleID : 886 - Type : SERVER-WEBAPP - Revision : 28
2014-01-10 scriptalias access
RuleID : 873 - Type : WEB-CGI - Revision : 10
2014-01-10 test-cgi access
RuleID : 835-community - Type : SERVER-WEBAPP - Revision : 26
2014-01-10 test-cgi access
RuleID : 835 - Type : SERVER-WEBAPP - Revision : 26
2014-01-10 nph-test-cgi access
RuleID : 829-community - Type : SERVER-WEBAPP - Revision : 24
2014-01-10 nph-test-cgi access
RuleID : 829 - Type : SERVER-WEBAPP - Revision : 24
2014-01-10 Apache malformed ipv6 uri overflow attempt
RuleID : 5715 - Type : SERVER-APACHE - Revision : 11
2021-01-12 Apache Server mod_proxy Error Page cross site scripting attempt
RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1
2020-01-21 Apache httpd mod_remoteip heap buffer overflow attempt
RuleID : 52494 - Type : SERVER-APACHE - Revision : 1
2019-10-17 Apache cookie logging denial of service attempt
RuleID : 51547 - Type : SERVER-APACHE - Revision : 1
2019-09-05 Apache 2 mod_ssl Connection Abort denial of service attempt
RuleID : 50883 - Type : SERVER-APACHE - Revision : 1
2018-06-05 HTTP request smuggling attempt
RuleID : 46495 - Type : SERVER-OTHER - Revision : 4
2018-05-24 Apache mod_http2 NULL pointer dereference attempt
RuleID : 46428 - Type : SERVER-APACHE - Revision : 4
2018-02-03 Apache SSI error page cross-site scripting attempt
RuleID : 45307 - Type : SERVER-APACHE - Revision : 2
2017-12-13 Apache HTTP Server possible mod_dav.c remote denial of service vulnerability ...
RuleID : 44808 - Type : INDICATOR-COMPROMISE - Revision : 2
2017-10-26 Apache HTTP Server possible OPTIONS method memory leak attempt
RuleID : 44434 - Type : SERVER-APACHE - Revision : 6
2017-08-31 Apache mod_auth_digest out of bounds read attempt
RuleID : 43790 - Type : SERVER-OTHER - Revision : 3
2017-08-17 Apache httpd ap_find_token buffer overread attempt
RuleID : 43587 - Type : SERVER-WEBAPP - Revision : 5
2017-08-15 httpd mod_mime content-type buffer overflow attempt
RuleID : 43547 - Type : SERVER-APACHE - Revision : 2
2017-05-09 Apache mod_session_crypto padding oracle brute force attempt
RuleID : 42133 - Type : SERVER-APACHE - Revision : 4
2017-03-28 Apache HTTP Server mod_http2 denial of service attempt
RuleID : 41688 - Type : SERVER-APACHE - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-49d3b42425.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6744ca470d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6ffb18592f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9cdbb641f9.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-eec13e2e8d.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1104.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1721.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2972.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1104.nasl - Type: ACT_GATHER_INFO
2018-10-22 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bb9d24c82d.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote web server is affected by a denial of service vulnerability.
File: apache_2_4_35.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e182c076c18911e8a6d2b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-09-11 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0089.nasl - Type: ACT_GATHER_INFO
2018-09-05 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0181.nasl - Type: ACT_GATHER_INFO
2018-08-24 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-08-24 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0013.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0027.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0126.nasl - Type: ACT_GATHER_INFO
2018-08-16 Name: The remote web server is affected by multiple vulnerabilities.
File: apache_2_4_34.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c3dc008c54.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0037.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0039.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-199-01.nasl - Type: ACT_GATHER_INFO