This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apache First view 1996-03-20
Product Http Server Last view 2023-10-23
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:* 156
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:* 155
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:* 155
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* 155
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:* 155
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:* 155
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* 154
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:* 154
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:* 154
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:* 154
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:* 154
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:* 154
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:* 153
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:* 153
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* 153
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:* 153
cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:* 153
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:* 152
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:* 152
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:* 152
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:* 152
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:* 151
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:* 151
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:* 150
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:* 150
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:* 149
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:* 149
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:* 149
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:* 148
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:* 148
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:* 148
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:* 148
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:* 148
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:* 146
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:* 146
cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:* 146
cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:* 146
cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:* 145
cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:* 145
cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:* 145
cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:* 145
cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:* 145
cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:* 144
cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:* 144
cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:* 144
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:* 144
cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:* 143
cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:* 142
cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:* 142
cpe:2.3:a:apache:http_server:1.2.0:*:*:*:*:*:*:* 142

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.9 2023-10-23 CVE-2023-45802

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.

This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.

Users are recommended to upgrade to version 2.4.58, which fixes the issue.

7.5 2023-10-23 CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.

This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.

Users are recommended to upgrade to version 2.4.58, which fixes the issue.

7.5 2023-10-23 CVE-2023-31122

Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.

7.5 2023-03-07 CVE-2023-27522

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.

Special characters in the origin response header can truncate/split the response forwarded to the client.

9.8 2023-03-07 CVE-2023-25690

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.

Configurations are affected when mod_proxy is enabled along with some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and is then
re-inserted into the proxied request-target using variable substitution. For example, something like:

RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/

Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.

5.3 2023-01-17 CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

9 2023-01-17 CVE-2022-36760

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

7.5 2023-01-17 CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.

This issue affects Apache HTTP Server 2.4.54 and earlier.

9.8 2022-06-09 CVE-2022-31813

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

7.5 2022-06-09 CVE-2022-30556

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

7.5 2022-06-09 CVE-2022-30522

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.

7.5 2022-06-09 CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

9.1 2022-06-09 CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

5.3 2022-06-09 CVE-2022-28614

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.

5.3 2022-06-09 CVE-2022-28330

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.

7.5 2022-06-09 CVE-2022-26377

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.

9.8 2022-03-14 CVE-2022-23943

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

9.1 2022-03-14 CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

9.8 2022-03-14 CVE-2022-22720

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

7.5 2022-03-14 CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

9.8 2021-12-20 CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

8.2 2021-12-20 CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

9.8 2021-10-07 CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

7.5 2021-10-05 CVE-2021-41773

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.

7.5 2021-10-05 CVE-2021-41524

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
11% (19) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
7% (13) CWE-476 NULL Pointer Dereference
7% (13) CWE-20 Improper Input Validation
5% (10) CWE-787 Out-of-bounds Write
5% (10) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
5% (10) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
5% (10) CWE-399 Resource Management Errors
4% (8) CWE-200 Information Exposure
4% (7) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
3% (6) CWE-125 Out-of-bounds Read
2% (5) CWE-770 Allocation of Resources Without Limits or Throttling
2% (5) CWE-416 Use After Free
2% (5) CWE-189 Numeric Errors
2% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (3) CWE-667 Insufficient Locking
1% (3) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
1% (3) CWE-362 Race Condition
1% (3) CWE-190 Integer Overflow or Wraparound
1% (2) CWE-384 Session Fixation
1% (2) CWE-345 Insufficient Verification of Data Authenticity
1% (2) CWE-287 Improper Authentication
1% (2) CWE-284 Access Control (Authorization) Issues
1% (2) CWE-131 Incorrect Calculation of Buffer Size
1% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (2) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-6 Argument Injection
CAPEC-15 Command Delimiters
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-33 HTTP Request Smuggling
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-63 Simple Script Injection
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-73 User-Controlled Filename
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-81 Web Logs Tampering
CAPEC-85 Client Network Footprinting (using AJAX/XSS)
CAPEC-86 Embedding Script (XSS ) in HTTP Headers
CAPEC-88 OS Command Injection
CAPEC-93 Log Injection-Tampering-Forging
CAPEC-100 Overflow Buffers
CAPEC-104 Cross Zone Scripting
CAPEC-105 HTTP Request Splitting
CAPEC-108 Command Line Execution through SQL Injection
CAPEC-123 Buffer Attacks
CAPEC-163 Spear Phishing
CAPEC-198 Cross-Site Scripting in Error Pages

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:4114 Apache Error Log Escape Sequence Injection Vulnerability
oval:org.mitre.oval:def:150 Apache Terminal Escape Sequence Vulnerability
oval:org.mitre.oval:def:100109 Apache Error Log Escape Sequence Filtering Vulnerability
oval:org.mitre.oval:def:151 Apache Terminal Escape Sequence Vulnerability II
oval:org.mitre.oval:def:156 Apache Linefeed Allocation Vulnerability
oval:org.mitre.oval:def:169 Apache Weak Cipher Suite Vulnerability
oval:org.mitre.oval:def:173 Apache prefork MPM Denial of Service
oval:org.mitre.oval:def:183 Apache IPv6 Socket Failure Denial of Service
oval:org.mitre.oval:def:9458 Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite fo...
oval:org.mitre.oval:def:864 Red Hat Enterprise 3 Multiple stack-based BO Vulnerabilities in Apache
oval:org.mitre.oval:def:863 Red Hat Multiple stack-based BO Vulnerabilities in Apache
oval:org.mitre.oval:def:3799 Apache Web Server Multiple Module Local Buffer Overflow
oval:org.mitre.oval:def:4416 Apache mod_digest Nonce Verification Vulnerability
oval:org.mitre.oval:def:100108 Apache Nonce Verification Response Replay Vulnerability
oval:org.mitre.oval:def:4670 Apache Mod_Access Access Control Rule Bypass Vulnerability
oval:org.mitre.oval:def:100111 Apache Allow/Deny Parsing Error
oval:org.mitre.oval:def:9676 Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows r...
oval:org.mitre.oval:def:876 Apache 2 Denial of Service due to Memory Leak in mod_ssl
oval:org.mitre.oval:def:1982 Apache Connection Blocking Denial Of Service Vulnerability
oval:org.mitre.oval:def:100110 Apache Listening Socket Starvation Vulnerability
oval:org.mitre.oval:def:11458 Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_u...
oval:org.mitre.oval:def:4863 Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow
oval:org.mitre.oval:def:100112 Apache mod_proxy Content-Length Header Buffer Overflow
oval:org.mitre.oval:def:10605 The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote at...
oval:org.mitre.oval:def:11561 Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apach...

SAINT Exploits

Description Link
Apache mod_rewrite LDAP URL buffer overflow More info here
Apache HTTP Server path traversal More info here
Apache chunked encoding buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78556 Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Dis...
78555 Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handl...
78293 Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
78079 GoAhead WebServer Partial HTTP Request Parsing Remote DoS
77832 Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint...
77444 Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing ...
77310 Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (201...
77012 Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handlin...
76744 Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handlin...
76079 Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Secur...
75647 Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remot...
75622 Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection
74721 Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
74335 Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
73388 Multiple Vendor libc Implentation fnmatch.c Memory Consumption DoS
73383 Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop...
71961 Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ...
71951 Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes...
70620 mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection
70055 Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi...
69561 IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex...
69032 Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext...
68327 Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memor...
67029 HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla...
66745 Apache HTTP Server Multiple Modules Pathless Request Remote DoS

ExploitDB Exploits

id Description
18221 Apache HTTP Server Denial of Service
17969 Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
17393 Oracle HTTP Server XSS Header Injection
14288 Write-to-file Shellcode (Win32)
11650 Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
10579 TLS Renegotiation Vulnerability PoC Exploit
9887 jetty 6.x - 7.x xss, information disclosure, injection
3680 Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
2237 Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
855 Apache <= 2.0.52 HTTP GET request Denial of Service Exploit

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-06 Name : Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
File : nvt/gb_apache_mod_proxy_ajp_process_timeout_dos_vuln_win.nasl
2012-12-04 Name : Debian Security Advisory DSA 2579-1 (apache2)
File : nvt/deb_2579_1.nasl
2012-11-26 Name : FreeBSD Ports: apache22
File : nvt/freebsd_apache22.nasl
2012-11-09 Name : Ubuntu Update for apache2 USN-1627-1
File : nvt/gb_ubuntu_USN_1627_1.nasl
2012-10-03 Name : Mandriva Update for apache MDVSA-2012:154-1 (apache)
File : nvt/gb_mandriva_MDVSA_2012_154_1.nasl
2012-09-25 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-133-01 apr/apr-util
File : nvt/esoft_slk_ssa_2011_133_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-145-01 apr/apr-util
File : nvt/esoft_slk_ssa_2011_145_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-252-01 httpd
File : nvt/esoft_slk_ssa_2011_252_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-284-01 httpd
File : nvt/esoft_slk_ssa_2011_284_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2012-041-01 httpd
File : nvt/esoft_slk_ssa_2012_041_01.nasl
2012-08-10 Name : FreeBSD Ports: apache
File : nvt/freebsd_apache21.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS)
File : nvt/glsa_201206_18.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-25 (apache)
File : nvt/glsa_201206_25.nasl
2012-08-02 Name : SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
File : nvt/gb_suse_2012_0314_1.nasl
2012-07-30 Name : CentOS Update for apr-util CESA-2010:0950 centos4 x86_64
File : nvt/gb_CESA-2010_0950_apr-util_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0507 centos4 x86_64
File : nvt/gb_CESA-2011_0507_apr_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0507 centos5 x86_64
File : nvt/gb_CESA-2011_0507_apr_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0844 centos4 x86_64
File : nvt/gb_CESA-2011_0844_apr_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for apr CESA-2011:0844 centos5 x86_64
File : nvt/gb_CESA-2011_0844_apr_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2011:1245 centos4 x86_64
File : nvt/gb_CESA-2011_1245_httpd_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2011:1392 centos4 x86_64
File : nvt/gb_CESA-2011_1392_httpd_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2011:1392 centos5 x86_64
File : nvt/gb_CESA-2011_1392_httpd_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for httpd CESA-2012:0128 centos6
File : nvt/gb_CESA-2012_0128_httpd_centos6.nasl
2012-07-09 Name : RedHat Update for httpd RHSA-2011:1391-01
File : nvt/gb_RHSA-2011_1391-01_httpd.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0174 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0061135
2015-A-0149 Multiple Vulnerabilities in Juniper Networks and Security Manager(NSM) Appliance
Severity: Category I - VMSKEY: V0061101
2015-B-0083 Multiple Vulnerabilities in IBM Storwize V7000 Unified
Severity: Category I - VMSKEY: V0060983
2014-A-0172 Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity: Category I - VMSKEY: V0057381
2014-A-0114 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0053307
2014-A-0084 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0052631
2014-B-0065 Multiple Vulnerabilities in IBM WebSphere Application Server
Severity: Category I - VMSKEY: V0051617
2014-A-0030 Apple Mac OS X Security Update 2014-001
Severity: Category I - VMSKEY: V0044547
2014-A-0009 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0043395
2013-A-0177 Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity: Category I - VMSKEY: V0040288
2013-A-0146 Multiple Security Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0039573
2012-B-0048 Multiple Vulnerabilities in HP Systems Insight Manager
Severity: Category I - VMSKEY: V0032178
2012-B-0038 Multiple Vulnerabilities in HP Onboard Administrator
Severity: Category I - VMSKEY: V0031972
2011-B-0060 Apache Portable Runtime Denial of Service Vulnerability
Severity: Category II - VMSKEY: V0027639
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 .cmd? access
RuleID : 9791 - Type : SERVER-WEBAPP - Revision : 8
2014-01-10 .bat? access
RuleID : 976-community - Type : SERVER-WEBAPP - Revision : 21
2014-01-10 .bat? access
RuleID : 976 - Type : SERVER-WEBAPP - Revision : 21
2014-01-10 phf access
RuleID : 886-community - Type : SERVER-WEBAPP - Revision : 28
2014-01-10 phf access
RuleID : 886 - Type : SERVER-WEBAPP - Revision : 28
2014-01-10 scriptalias access
RuleID : 873 - Type : WEB-CGI - Revision : 10
2014-01-10 test-cgi access
RuleID : 835-community - Type : SERVER-WEBAPP - Revision : 26
2014-01-10 test-cgi access
RuleID : 835 - Type : SERVER-WEBAPP - Revision : 26
2014-01-10 nph-test-cgi access
RuleID : 829-community - Type : SERVER-WEBAPP - Revision : 24
2014-01-10 nph-test-cgi access
RuleID : 829 - Type : SERVER-WEBAPP - Revision : 24
2014-01-10 Apache malformed ipv6 uri overflow attempt
RuleID : 5715 - Type : SERVER-APACHE - Revision : 11
2021-01-12 Apache Server mod_proxy Error Page cross site scripting attempt
RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1
2020-01-21 Apache httpd mod_remoteip heap buffer overflow attempt
RuleID : 52494 - Type : SERVER-APACHE - Revision : 1
2019-10-17 Apache cookie logging denial of service attempt
RuleID : 51547 - Type : SERVER-APACHE - Revision : 1
2019-09-05 Apache 2 mod_ssl Connection Abort denial of service attempt
RuleID : 50883 - Type : SERVER-APACHE - Revision : 1
2018-06-05 HTTP request smuggling attempt
RuleID : 46495 - Type : SERVER-OTHER - Revision : 4
2018-05-24 Apache mod_http2 NULL pointer dereference attempt
RuleID : 46428 - Type : SERVER-APACHE - Revision : 4
2018-02-03 Apache SSI error page cross-site scripting attempt
RuleID : 45307 - Type : SERVER-APACHE - Revision : 2
2017-12-13 Apache HTTP Server possible mod_dav.c remote denial of service vulnerability ...
RuleID : 44808 - Type : INDICATOR-COMPROMISE - Revision : 2
2017-10-26 Apache HTTP Server possible OPTIONS method memory leak attempt
RuleID : 44434 - Type : SERVER-APACHE - Revision : 6
2017-08-31 Apache mod_auth_digest out of bounds read attempt
RuleID : 43790 - Type : SERVER-OTHER - Revision : 3
2017-08-17 Apache httpd ap_find_token buffer overread attempt
RuleID : 43587 - Type : SERVER-WEBAPP - Revision : 5
2017-08-15 httpd mod_mime content-type buffer overflow attempt
RuleID : 43547 - Type : SERVER-APACHE - Revision : 2
2017-05-09 Apache mod_session_crypto padding oracle brute force attempt
RuleID : 42133 - Type : SERVER-APACHE - Revision : 4
2017-03-28 Apache HTTP Server mod_http2 denial of service attempt
RuleID : 41688 - Type : SERVER-APACHE - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-49d3b42425.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6744ca470d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6ffb18592f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9cdbb641f9.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-eec13e2e8d.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1104.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1721.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2972.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1104.nasl - Type: ACT_GATHER_INFO
2018-10-22 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bb9d24c82d.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote web server is affected by a denial of service vulnerability.
File: apache_2_4_35.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e182c076c18911e8a6d2b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-09-11 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0089.nasl - Type: ACT_GATHER_INFO
2018-09-05 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0181.nasl - Type: ACT_GATHER_INFO
2018-08-24 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-08-24 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0013.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0027.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0126.nasl - Type: ACT_GATHER_INFO
2018-08-16 Name: The remote web server is affected by multiple vulnerabilities.
File: apache_2_4_34.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c3dc008c54.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0037.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0039.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-199-01.nasl - Type: ACT_GATHER_INFO