Summary
Detail | | | |
---|---|---|---|
Vendor | Apache | First view | 1996-03-20 |
Product | Http Server | Last view | 2023-10-23 |
Version | 1.3 | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
5.9 | 2023-10-23 | CVE-2023-45802 | When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. |
7.5 | 2023-10-23 | CVE-2023-43622 | An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. |
7.5 | 2023-10-23 | CVE-2023-31122 | Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. |
7.5 | 2023-03-07 | CVE-2023-27522 | HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. |
9.8 | 2023-03-07 | CVE-2023-25690 | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. |
5.3 | 2023-01-17 | CVE-2022-37436 | Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. |
9 | 2023-01-17 | CVE-2022-36760 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions. |
7.5 | 2023-01-17 | CVE-2006-20001 | A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. |
9.8 | 2022-06-09 | CVE-2022-31813 | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. |
7.5 | 2022-06-09 | CVE-2022-30556 | Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. |
7.5 | 2022-06-09 | CVE-2022-30522 | If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. |
7.5 | 2022-06-09 | CVE-2022-29404 | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. |
9.1 | 2022-06-09 | CVE-2022-28615 | Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. |
5.3 | 2022-06-09 | CVE-2022-28614 | The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. |
5.3 | 2022-06-09 | CVE-2022-28330 | Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. |
7.5 | 2022-06-09 | CVE-2022-26377 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions. |
9.8 | 2022-03-14 | CVE-2022-23943 | Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. |
9.1 | 2022-03-14 | CVE-2022-22721 | If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. |
9.8 | 2022-03-14 | CVE-2022-22720 | Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. |
7.5 | 2022-03-14 | CVE-2022-22719 | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. |
9.8 | 2021-12-20 | CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. |
8.2 | 2021-12-20 | CVE-2021-44224 | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). |
9.8 | 2021-10-07 | CVE-2021-42013 | It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. |
7.5 | 2021-10-05 | CVE-2021-41773 | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. |
7.5 | 2021-10-05 | CVE-2021-41524 | While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
11% (19) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
7% (13) | CWE-476 | NULL Pointer Dereference |
7% (13) | CWE-20 | Improper Input Validation |
5% (10) | CWE-787 | Out-of-bounds Write |
5% (10) | CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli... |
5% (10) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
5% (10) | CWE-399 | Resource Management Errors |
4% (8) | CWE-200 | Information Exposure |
4% (7) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
3% (6) | CWE-125 | Out-of-bounds Read |
2% (5) | CWE-770 | Allocation of Resources Without Limits or Throttling |
2% (5) | CWE-416 | Use After Free |
2% (5) | CWE-189 | Numeric Errors |
2% (4) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
1% (3) | CWE-667 | Insufficient Locking |
1% (3) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
1% (3) | CWE-362 | Race Condition |
1% (3) | CWE-190 | Integer Overflow or Wraparound |
1% (2) | CWE-384 | Session Fixation |
1% (2) | CWE-345 | Insufficient Verification of Data Authenticity |
1% (2) | CWE-287 | Improper Authentication |
1% (2) | CWE-284 | Access Control (Authorization) Issues |
1% (2) | CWE-131 | Incorrect Calculation of Buffer Size |
1% (2) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
1% (2) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-6 | Argument Injection |
CAPEC-15 | Command Delimiters |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-33 | HTTP Request Smuggling |
CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-63 | Simple Script Injection |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CAPEC-73 | User-Controlled Filename |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-81 | Web Logs Tampering |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
CAPEC-88 | OS Command Injection |
CAPEC-93 | Log Injection-Tampering-Forging |
CAPEC-100 | Overflow Buffers |
CAPEC-104 | Cross Zone Scripting |
CAPEC-105 | HTTP Request Splitting |
CAPEC-108 | Command Line Execution through SQL Injection |
CAPEC-123 | Buffer Attacks |
CAPEC-163 | Spear Phishing |
CAPEC-198 | Cross-Site Scripting in Error Pages |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:4114 | Apache Error Log Escape Sequence Injection Vulnerability |
oval:org.mitre.oval:def:150 | Apache Terminal Escape Sequence Vulnerability |
oval:org.mitre.oval:def:100109 | Apache Error Log Escape Sequence Filtering Vulnerability |
oval:org.mitre.oval:def:151 | Apache Terminal Escape Sequence Vulnerability II |
oval:org.mitre.oval:def:156 | Apache Linefeed Allocation Vulnerability |
oval:org.mitre.oval:def:169 | Apache Weak Cipher Suite Vulnerability |
oval:org.mitre.oval:def:173 | Apache prefork MPM Denial of Service |
oval:org.mitre.oval:def:183 | Apache IPv6 Socket Failure Denial of Service |
oval:org.mitre.oval:def:9458 | Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite fo... |
oval:org.mitre.oval:def:864 | Red Hat Enterprise 3 Multiple stack-based BO Vulnerabilities in Apache |
oval:org.mitre.oval:def:863 | Red Hat Multiple stack-based BO Vulnerabilities in Apache |
oval:org.mitre.oval:def:3799 | Apache Web Server Multiple Module Local Buffer Overflow |
oval:org.mitre.oval:def:4416 | Apache mod_digest Nonce Verification Vulnerability |
oval:org.mitre.oval:def:100108 | Apache Nonce Verification Response Replay Vulnerability |
oval:org.mitre.oval:def:4670 | Apache Mod_Access Access Control Rule Bypass Vulnerability |
oval:org.mitre.oval:def:100111 | Apache Allow/Deny Parsing Error |
oval:org.mitre.oval:def:9676 | Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows r... |
oval:org.mitre.oval:def:876 | Apache 2 Denial of Service due to Memory Leak in mod_ssl |
oval:org.mitre.oval:def:1982 | Apache Connection Blocking Denial Of Service Vulnerability |
oval:org.mitre.oval:def:100110 | Apache Listening Socket Starvation Vulnerability |
oval:org.mitre.oval:def:11458 | Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_u... |
oval:org.mitre.oval:def:4863 | Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow |
oval:org.mitre.oval:def:100112 | Apache mod_proxy Content-Length Header Buffer Overflow |
oval:org.mitre.oval:def:10605 | The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote at... |
oval:org.mitre.oval:def:11561 | Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apach... |
SAINT Exploits
Description | Link |
---|---|
Apache mod_rewrite LDAP URL buffer overflow | More info here |
Apache HTTP Server path traversal | More info here |
Apache chunked encoding buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
78556 | Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Dis... |
78555 | Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handl... |
78293 | Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass |
78079 | GoAhead WebServer Partial HTTP Request Parsing Remote DoS |
77832 | Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint... |
77444 | Apache HTTP Server mod_proxy Module Web Request HTTP/0.9 Protocol URL Parsing ... |
77310 | Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (201... |
77012 | Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handlin... |
76744 | Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handlin... |
76079 | Apache HTTP Server mod_proxy Module Web Request URL Parsing Proxy Remote Secur... |
75647 | Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remot... |
75622 | Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
74721 | Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS |
74335 | Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
73388 | Multiple Vendor libc Implementation fnmatch.c Memory Consumption DoS |
73383 | Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop... |
71961 | Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ... |
71951 | Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes... |
70620 | mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
70055 | Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi... |
69561 | IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex... |
69032 | Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext... |
68327 | Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memor... |
67029 | HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla... |
66745 | Apache HTTP Server Multiple Modules Pathless Request Remote DoS |
ExploitDB Exploits
id | Description |
---|---|
18221 | Apache HTTP Server Denial of Service |
17969 | Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC |
17393 | Oracle HTTP Server XSS Header Injection |
14288 | Write-to-file Shellcode (Win32) |
11650 | Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit |
10579 | TLS Renegotiation Vulnerability PoC Exploit |
9887 | jetty 6.x - 7.x xss, information disclosure, injection |
3680 | Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32) |
2237 | Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC |
855 | Apache <= 2.0.52 HTTP GET request Denial of Service Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-06 | Name : Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows) File : nvt/gb_apache_mod_proxy_ajp_process_timeout_dos_vuln_win.nasl |
2012-12-04 | Name : Debian Security Advisory DSA 2579-1 (apache2) File : nvt/deb_2579_1.nasl |
2012-11-26 | Name : FreeBSD Ports: apache22 File : nvt/freebsd_apache22.nasl |
2012-11-09 | Name : Ubuntu Update for apache2 USN-1627-1 File : nvt/gb_ubuntu_USN_1627_1.nasl |
2012-10-03 | Name : Mandriva Update for apache MDVSA-2012:154-1 (apache) File : nvt/gb_mandriva_MDVSA_2012_154_1.nasl |
2012-09-25 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) File : nvt/gb_macosx_su12-004.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2011-133-01 apr/apr-util File : nvt/esoft_slk_ssa_2011_133_01.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2011-145-01 apr/apr-util File : nvt/esoft_slk_ssa_2011_145_01.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2011-252-01 httpd File : nvt/esoft_slk_ssa_2011_252_01.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2011-284-01 httpd File : nvt/esoft_slk_ssa_2011_284_01.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2012-041-01 httpd File : nvt/esoft_slk_ssa_2012_041_01.nasl |
2012-08-10 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache21.nasl |
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS) File : nvt/glsa_201206_18.nasl |
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-25 (apache) File : nvt/glsa_201206_25.nasl |
2012-08-02 | Name : SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2) File : nvt/gb_suse_2012_0314_1.nasl |
2012-07-30 | Name : CentOS Update for apr-util CESA-2010:0950 centos4 x86_64 File : nvt/gb_CESA-2010_0950_apr-util_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for apr CESA-2011:0507 centos4 x86_64 File : nvt/gb_CESA-2011_0507_apr_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for apr CESA-2011:0507 centos5 x86_64 File : nvt/gb_CESA-2011_0507_apr_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for apr CESA-2011:0844 centos4 x86_64 File : nvt/gb_CESA-2011_0844_apr_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for apr CESA-2011:0844 centos5 x86_64 File : nvt/gb_CESA-2011_0844_apr_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for httpd CESA-2011:1245 centos4 x86_64 File : nvt/gb_CESA-2011_1245_httpd_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for httpd CESA-2011:1392 centos4 x86_64 File : nvt/gb_CESA-2011_1392_httpd_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for httpd CESA-2011:1392 centos5 x86_64 File : nvt/gb_CESA-2011_1392_httpd_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for httpd CESA-2012:0128 centos6 File : nvt/gb_CESA-2012_0128_httpd_centos6.nasl |
2012-07-09 | Name : RedHat Update for httpd RHSA-2011:1391-01 File : nvt/gb_RHSA-2011_1391-01_httpd.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
2015-A-0174 | Multiple Vulnerabilities in Apache HTTP Server Severity: Category I - VMSKEY: V0061135 |
2015-A-0149 | Multiple Vulnerabilities in Juniper Networks and Security Manager(NSM) Appliance Severity: Category I - VMSKEY: V0061101 |
2015-B-0083 | Multiple Vulnerabilities in IBM Storwize V7000 Unified Severity: Category I - VMSKEY: V0060983 |
2014-A-0172 | Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform Severity: Category I - VMSKEY: V0057381 |
2014-A-0114 | Multiple Vulnerabilities in Apache HTTP Server Severity: Category I - VMSKEY: V0053307 |
2014-A-0084 | Multiple Vulnerabilities in Apache HTTP Server Severity: Category I - VMSKEY: V0052631 |
2014-B-0065 | Multiple Vulnerabilities in IBM WebSphere Application Server Severity: Category I - VMSKEY: V0051617 |
2014-A-0030 | Apple Mac OS X Security Update 2014-001 Severity: Category I - VMSKEY: V0044547 |
2014-A-0009 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0043395 |
2013-A-0177 | Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform Severity: Category I - VMSKEY: V0040288 |
2013-A-0146 | Multiple Security Vulnerabilities in Apache HTTP Server Severity: Category I - VMSKEY: V0039573 |
2012-B-0048 | Multiple Vulnerabilities in HP Systems Insight Manager Severity: Category I - VMSKEY: V0032178 |
2012-B-0038 | Multiple Vulnerabilities in HP Onboard Administrator Severity: Category I - VMSKEY: V0031972 |
2011-B-0060 | Apache Portable Runtime Denial of Service Vulnerability Severity: Category II - VMSKEY: V0027639 |
2011-A-0066 | Multiple Vulnerabilities in VMware Products Severity: Category I - VMSKEY: V0027158 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | .cmd? access RuleID : 9791 - Type : SERVER-WEBAPP - Revision : 8 |
2014-01-10 | .bat? access RuleID : 976-community - Type : SERVER-WEBAPP - Revision : 21 |
2014-01-10 | .bat? access RuleID : 976 - Type : SERVER-WEBAPP - Revision : 21 |
2014-01-10 | phf access RuleID : 886-community - Type : SERVER-WEBAPP - Revision : 28 |
2014-01-10 | phf access RuleID : 886 - Type : SERVER-WEBAPP - Revision : 28 |
2014-01-10 | scriptalias access RuleID : 873 - Type : WEB-CGI - Revision : 10 |
2014-01-10 | test-cgi access RuleID : 835-community - Type : SERVER-WEBAPP - Revision : 26 |
2014-01-10 | test-cgi access RuleID : 835 - Type : SERVER-WEBAPP - Revision : 26 |
2014-01-10 | nph-test-cgi access RuleID : 829-community - Type : SERVER-WEBAPP - Revision : 24 |
2014-01-10 | nph-test-cgi access RuleID : 829 - Type : SERVER-WEBAPP - Revision : 24 |
2014-01-10 | Apache malformed ipv6 uri overflow attempt RuleID : 5715 - Type : SERVER-APACHE - Revision : 11 |
2021-01-12 | Apache Server mod_proxy Error Page cross site scripting attempt RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1 |
2020-01-21 | Apache httpd mod_remoteip heap buffer overflow attempt RuleID : 52494 - Type : SERVER-APACHE - Revision : 1 |
2019-10-17 | Apache cookie logging denial of service attempt RuleID : 51547 - Type : SERVER-APACHE - Revision : 1 |
2019-09-05 | Apache 2 mod_ssl Connection Abort denial of service attempt RuleID : 50883 - Type : SERVER-APACHE - Revision : 1 |
2018-06-05 | HTTP request smuggling attempt RuleID : 46495 - Type : SERVER-OTHER - Revision : 4 |
2018-05-24 | Apache mod_http2 NULL pointer dereference attempt RuleID : 46428 - Type : SERVER-APACHE - Revision : 4 |
2018-02-03 | Apache SSI error page cross-site scripting attempt RuleID : 45307 - Type : SERVER-APACHE - Revision : 2 |
2017-12-13 | Apache HTTP Server possible mod_dav.c remote denial of service vulnerability ... RuleID : 44808 - Type : INDICATOR-COMPROMISE - Revision : 2 |
2017-10-26 | Apache HTTP Server possible OPTIONS method memory leak attempt RuleID : 44434 - Type : SERVER-APACHE - Revision : 6 |
2017-08-31 | Apache mod_auth_digest out of bounds read attempt RuleID : 43790 - Type : SERVER-OTHER - Revision : 3 |
2017-08-17 | Apache httpd ap_find_token buffer overread attempt RuleID : 43587 - Type : SERVER-WEBAPP - Revision : 5 |
2017-08-15 | httpd mod_mime content-type buffer overflow attempt RuleID : 43547 - Type : SERVER-APACHE - Revision : 2 |
2017-05-09 | Apache mod_session_crypto padding oracle brute force attempt RuleID : 42133 - Type : SERVER-APACHE - Revision : 4 |
2017-03-28 | Apache HTTP Server mod_http2 denial of service attempt RuleID : 41688 - Type : SERVER-APACHE - Revision : 2 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-49d3b42425.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-6744ca470d.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-6ffb18592f.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-9cdbb641f9.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-eec13e2e8d.nasl - Type: ACT_GATHER_INFO |
2018-12-17 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1104.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-1721.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2972.nasl - Type: ACT_GATHER_INFO |
2018-11-09 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1104.nasl - Type: ACT_GATHER_INFO |
2018-10-22 | Name: The remote Fedora host is missing a security update. File: fedora_2018-bb9d24c82d.nasl - Type: ACT_GATHER_INFO |
2018-09-27 | Name: The remote web server is affected by a denial of service vulnerability. File: apache_2_4_35.nasl - Type: ACT_GATHER_INFO |
2018-09-27 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_e182c076c18911e8a6d2b499baebfeaf.nasl - Type: ACT_GATHER_INFO |
2018-09-11 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0089.nasl - Type: ACT_GATHER_INFO |
2018-09-05 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0181.nasl - Type: ACT_GATHER_INFO |
2018-08-24 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1062.nasl - Type: ACT_GATHER_INFO |
2018-08-24 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1062.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0013.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0027.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0126.nasl - Type: ACT_GATHER_INFO |
2018-08-16 | Name: The remote web server is affected by multiple vulnerabilities. File: apache_2_4_34.nasl - Type: ACT_GATHER_INFO |
2018-07-30 | Name: The remote Fedora host is missing a security update. File: fedora_2018-c3dc008c54.nasl - Type: ACT_GATHER_INFO |
2018-07-24 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0037.nasl - Type: ACT_GATHER_INFO |
2018-07-24 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0039.nasl - Type: ACT_GATHER_INFO |
2018-07-20 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-199-01.nasl - Type: ACT_GATHER_INFO |