Exposure of Apache HTTP Server
Web servers536
exposure score
1,583,700
sites use
5
exploited
16
critical
CVEs
169 resultsCVE-2022-29404—Denial of service in mod_lua r:parsebodyEPSS 5.6%CVE-2022-30556—Information Disclosure in mod_lua with websocketsEPSS 4.7%CVE-2025-53020HIGHApache HTTP Server: HTTP/2 DoS by Memory IncreaseEPSS 4.4%CVE-2022-28614—read beyond bounds via ap_rwrite()EPSS 4.4%CVE-2024-40725MEDIUMApache HTTP Server: source code disclosure with handlers configured via AddTypeEPSS 4.1%CVE-2023-38709HIGHApache HTTP Server: HTTP response splittingEPSS 3.9%CVE-2006-20001—Apache HTTP Server: mod_dav out of bounds read, or write of zero byteEPSS 3.5%CVE-2022-28330—read beyond bounds in mod_isapiEPSS 3.4%CVE-2024-38477HIGHApache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious requestEPSS 3.2%CVE-2022-31813—mod_proxy X-Forwarded-For dropped by hop-by-hop mechanismEPSS 3.1%CVE-2023-45802—Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RSTEPSS 3.0%CVE-2023-31122—Apache HTTP Server: mod_macro buffer over-readEPSS 3.0%CVE-2024-24795MEDIUMApache HTTP Server: HTTP Response Splitting in multiple modulesEPSS 2.9%CVE-2019-15600—A Path traversal exists in http_server which allows an attacker to read arbitrary system files.EPSS 2.5%CVE-2024-38474HIGHApache HTTP Server weakness with encoded question marks in backreferencesEPSS 2.5%CVE-2023-27522HIGHApache HTTP Server: mod_proxy_uwsgi HTTP response splittingEPSS 2.1%CVE-2018-2760—Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affecEPSS 2.1%CVE-2018-2561—Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affeEPSS 2.0%CVE-2022-36760CRITICALApache HTTP Server: mod_proxy_ajp Possible request smugglingEPSS 1.9%CVE-2024-36387MEDIUMApache HTTP Server: DoS by Null pointer in websocket over HTTP/2EPSS 1.7%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →