Exposure of Apache HTTP Server
Web servers536
exposure score
1,583,700
sites use
5
exploited
16
critical
CVEs
169 resultsCVE-2021-40438CRITICALmod_proxy SSRFEPSS 100.0%KEVCVE-2021-41773HIGHPath traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49EPSS 100.0%KEVCVE-2021-42013CRITICALPath Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)EPSS 100.0%KEVCVE-2024-38475CRITICALApache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.EPSS 100.0%KEVCVE-2019-0211HIGHIn Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes orEPSS 65.0%KEVCVE-2021-44790—Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlierEPSS 97.1%CVE-2017-9798—Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, oEPSS 95.0%CVE-2024-27316HIGHApache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation framesEPSS 91.3%CVE-2022-30522—mod_sed denial of serviceEPSS 90.4%CVE-2020-11984—Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCEEPSS 90.0%CVE-2020-9490—Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a EPSS 89.7%CVE-2017-15715—In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, raEPSS 86.0%CVE-2023-25690CRITICALApache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxyEPSS 83.8%CVE-2021-44224—Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlierEPSS 82.3%CVE-2019-10092—In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could EPSS 81.5%CVE-2016-8740—The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrictEPSS 79.1%CVE-2019-10098—In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by enEPSS 74.0%CVE-2018-1303—A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while EPSS 70.8%CVE-2023-43622—Apache HTTP Server: DoS in HTTP/2 with initial windows size 0EPSS 70.6%CVE-2022-22719—mod_lua Use of uninitialized value of in r:parsebodyEPSS 69.8%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →