[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

Paid content will be excluded from the download.


Download | Alert*


oval:org.mitre.oval:def:8550
Apache HTTP Server 2.2.x 64-bit is installed on the system

oval:org.secpod.oval:def:41593
The host is installed with Apache HTTP Server 2.2.x through 2.2.32 or 2.4.x before 2.4.25 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle whitespace accepted from requests. Successful exploitation could allow remote attackers to perform reque ...

oval:org.secpod.oval:def:41600
The host is installed with Apache HTTP Server 2.2.x before 2.2.34 and 2.4.x before 2.4.27 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle mod_mime. Successful exploitation could allow remote attackers to leak confidential informati ...

oval:org.mitre.oval:def:6931
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive re ...

oval:org.mitre.oval:def:11491
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive re ...

oval:org.secpod.oval:def:202238
The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ...

oval:org.secpod.oval:def:2368
The host is installed with Apache HTTP Server 1.3.x or 2.0.x through 2.0.64 or 2.2.x through 2.2.19 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to prevent creation of multiple number of threads that use multiple range headers. Successful explo ...

oval:org.secpod.oval:def:1081
The host is installed with Apache HTTP Server and is prone to denial of service vulnerability. A flaw is present in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library, which fails to handle URIs that do not match unspecified types of wildcard patterns. Successfu ...

oval:org.secpod.oval:def:201849
The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a ...

oval:org.secpod.oval:def:201893
The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a ...

oval:org.mitre.oval:def:11683
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.

oval:org.secpod.oval:def:3310
The host is installed with Apache HTTP Server 2.0.x through 2.0.64 or 2.2.x through 2.2.21 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to interact with use of RewriteRule and ProxyPassMatch pattern matches for configuration of a reverse pro ...

oval:org.secpod.oval:def:500443
The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a ...

oval:org.mitre.oval:def:8651
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

oval:org.mitre.oval:def:8690
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

oval:org.secpod.oval:def:4368
The host is installed with Apache HTTP Server before 2.2.21 and is prone to denial of service vulnerability. A flaw is present in the application, which is caused by an error in mod_proxy_ajp when used together with mod_proxy_balancer. Successful exploitation allows remote attackers to send speciall ...

oval:org.secpod.oval:def:1600283
Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user"s ...

oval:org.secpod.oval:def:500208
The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ...

oval:org.secpod.oval:def:6411
The host is installed with Apache 2.4.x before 2.4.2 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a zero-length directory name in the LD_LIBRARY_PATH. Successful exploitation could allow remote attackers to search the current directory ...

oval:org.secpod.oval:def:34690
The host is installed with Apache HTTP Server 2.2.x before 2.2.25 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle HTTP request containing an escape sequence for a terminal emulator. Successful exploitation could allow remote atta ...

oval:org.secpod.oval:def:34691
The host is installed with Apache HTTP Server before 2.4.5 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails by proceeding with save operations for a session without considering the dirty flag. Successful exploitation could allow remote attackers to an u ...

oval:org.secpod.oval:def:1500110
Updated httpd packages that fix two security issues, several bugs, and addvarious enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having lowsecurity impact. Common Vulnerability Scoring System base scores,which give detailed ...

oval:org.secpod.oval:def:34689
The host is installed with Apache HTTP Server 2.2.12 through 2.2.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle expensive request. Successful exploitation could allow remote attackers to cause a denial of service (worker consumption) ...

oval:org.secpod.oval:def:16968
The host is installed with Apache HTTP Server 2.2.x before 2.2.25 and is prone to a denial of service vulnerability. The flaw is present in the application, which does not properly determine whether DAV is enabled for a URI via a MERGE request in which the URI is configured for handling by the mod_d ...

oval:org.secpod.oval:def:501054
The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ...

oval:org.secpod.oval:def:105756
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:1500169
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ...

oval:org.secpod.oval:def:701360
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:1500170
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ...

oval:org.secpod.oval:def:9407
The host is installed with Apache HTTP Server 2.2.x before 2.2.24-dev or 2.4.x before 2.4.4 and is prone to multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted string. Successful exploitation allows remote attackers ...

oval:org.secpod.oval:def:9408
The host is installed with Apache HTTP Server 2.2.x before 2.2.24-dev or 2.4.x before 2.4.4 and is prone to multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the application, which fails to handle vectors involving hostnames and URIs in the mod_imagemap, mod_info, mod_lda ...

oval:org.secpod.oval:def:1600247
Multiple cross-site scripting vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via ...

oval:org.secpod.oval:def:202878
The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ...

oval:org.secpod.oval:def:202877
The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ...

oval:org.secpod.oval:def:701219
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:4371
The host is installed with Apache HTTP Server 2.2.x and before 2.2.22 and is prone to a denial of service vulnerability. A flaw is present in the application, due to improper handling of httpd child process status information. Successful exploitation could allow attackers to bypass certain security ...

oval:org.secpod.oval:def:34699
The host is installed with Apache HTTP Server 2.2.x through 2.2.27 or 2.4.x before 2.4.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a request to a CGI script that does not read from its stdin file descriptor. Successful exploitatio ...

oval:org.secpod.oval:def:34698
The host is installed with Apache HTTP Server 2.2.x through 2.2.27 or 2.4.x before 2.4.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted request that triggers improper scoreboard handling within the status_handler function in ...

oval:org.secpod.oval:def:34695
The host is installed with Apache HTTP Server 2.2.x through 2.2.26 or 2.4.x before 2.4.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted cookie during truncation. Successful exploitation could allow remote attackers to ...

oval:org.secpod.oval:def:34694
The host is installed with Apache HTTP Server 2.2.x through 2.2.26 or 2.4.x before 2.4.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly remove whitespace characters from CDATA sections. Successful exploitation could allow remote attac ...

oval:org.secpod.oval:def:500713
The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ...

oval:org.secpod.oval:def:3309
The host is installed with Apache HTTP Server 1.3.x through 1.3.42 or 2.0.x through 2.0.64 or 2.2.x through 2.2.21 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to interact with use of RewriteRule and ProxyPassMatch pattern matches for config ...

oval:org.secpod.oval:def:500745
The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ...

oval:org.secpod.oval:def:34686
The host is installed with Apache HTTP Server 2.2.x through 2.2.21 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict header information during construction of Bad Request (aka 400) error documents. Successful exploitation ...

oval:org.secpod.oval:def:1600004
It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, pos ...

oval:org.secpod.oval:def:501219
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker ...

oval:org.secpod.oval:def:501221
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker ...

oval:org.secpod.oval:def:3170
The host is installed with Apache HTTP Server 1.3.x through 1.3.42 or 2.0.x through 2.0.64 or 2.2.x through 2.2.21 and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused by an error in mod_proxy when configured in reverse proxy mode and using the ...

oval:org.secpod.oval:def:34693
The host is installed with Apache HTTP Server 2.2.x through 2.2.27 or 2.4.x through 2.4.10 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted data. Successful exploitation could allow remote attackers to bypass "RequestHead ...

oval:org.secpod.oval:def:47260
The host is installed with Apache HTTP Server 2.2.x before 2.2.32 or 2.4.x before 2.4.24 and is prone to a CRLF Injection vulnerability. A flaw is present in the application, which fails to handle the Location or other outbound header key or value. Successful exploitation could allow remote attacker ...

oval:org.secpod.oval:def:26138
The host is installed with Apache HTTP Server 2.2.x or 2.4.x before 2.4.14 and is prone to HTTP request smuggling attack vulnerabilities. The flaws are present in the chunked transfer coding implementation, which does not properly parse chunk headers. Successful exploitation will allow remote attack ...

oval:org.mitre.oval:def:8371
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.

oval:org.mitre.oval:def:11713
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interi ...

oval:org.secpod.oval:def:500320
The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in loa ...

oval:org.mitre.oval:def:8619
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted re ...

oval:org.secpod.oval:def:201742
The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in loa ...

oval:org.secpod.oval:def:201748
The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in loa ...

oval:org.mitre.oval:def:8695
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensiti ...

oval:org.secpod.oval:def:41598
The host is installed with Apache HTTP Server 2.2.32 and 2.4.24 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle ap_find_token(). Successful exploitation could allow remote attackers to cause a segmentation fault, or to force ap_find_token() t ...

oval:org.secpod.oval:def:41599
The host is installed with Apache HTTP Server 2.2.x before 2.2.33 or 2.4.x before 2.4.26 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle mod_mime. Successful exploitation could allow remote attackers to read one byte past the end of a buff ...

oval:org.secpod.oval:def:41596
The host is installed with Apache HTTP Server 2.2.x through 2.2.33 or 2.4.x before 2.4.26 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase. Success ...

oval:org.secpod.oval:def:41597
The host is installed with Apache HTTP Server 2.2.x before 2.2.33 or 2.4.x before 2.4.26 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle third-party modules. Successful exploitation could allow remote attackers to derefer ...

oval:org.secpod.oval:def:34697
The host is installed with Apache HTTP Server 2.2.x through 2.2.27 or 2.4.x before 2.4.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails when request body decompression is enabled. Successful exploitation could allow remote attackers to cause a d ...

oval:org.secpod.oval:def:34685
The host is installed with Apache HTTP Server 2.2.17 through 2.2.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a %{}C format string. Successful exploitation could allow remote attackers to cause a denial of service (daemon ...

oval:org.mitre.oval:def:8439
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers ...

oval:org.mitre.oval:def:8394
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) ...

oval:org.secpod.oval:def:500675
The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ...

oval:org.mitre.oval:def:8704
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then ...

oval:org.mitre.oval:def:8261
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

oval:org.mitre.oval:def:7716
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last direct ...

oval:org.secpod.oval:def:202112
The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ...

oval:org.mitre.oval:def:8616
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:500531
The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ...

oval:org.secpod.oval:def:202212
The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impactin ...

oval:org.secpod.oval:def:202155
The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ...

oval:org.mitre.oval:def:8662
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pac ...

oval:org.secpod.oval:def:201984
The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impactin ...

oval:org.mitre.oval:def:8087
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.

oval:org.mitre.oval:def:8632
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

oval:org.secpod.oval:def:202198
The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ...

oval:org.secpod.oval:def:202179
The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ...

oval:org.secpod.oval:def:500700
The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impactin ...

oval:org.secpod.oval:def:24274
The host is installed with Microsoft IE 11, Edge, Mozilla Firefox before 44.0 or Google Chrome before 48.0.2564.82 and is prone to a bar mitzvah attack vulnerability. A flaw is present in the RC4 algorithm, which does not properly combine state data with key data during the initialization phase. Suc ...

CVE    29
CVE-2007-6750
CVE-2016-8612
CVE-2006-4154
CVE-2006-3918
...
CCE    173
CCE-27826-7
CCE-27619-6
CCE-27781-4
CCE-27841-6
...
*CPE
cpe:/a:apache:http_server:2.2

© SecPod Technologies