Exposure of Apache HTTP Server
Web servers536
exposure score
1,583,700
sites use
5
exploited
16
critical
CVEs
169 resultsCVE-2025-65082MEDIUMApache HTTP Server: CGI environment variable overrideEPSS 0.8%CVE-2026-28780CRITICALApache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()EPSS 0.7%CVE-2019-5457—Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execuEPSS 0.7%CVE-2025-54090MEDIUMApache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64EPSS 0.7%CVE-2026-34356HIGHApache HTTP Server: ProxyPassReverseCookieMap buffer overflowEPSS 0.7%CVE-2024-42516HIGHApache HTTP Server: HTTP response splittingEPSS 0.7%CVE-2024-47252HIGHApache HTTP Server: mod_ssl error log variable escapingEPSS 0.7%CVE-2026-29167CRITICALApache HTTP Server: mod_ldap per-dir use-after-freeEPSS 0.7%CVE-2026-24072HIGHApache HTTP Server: mod_rewrite elevation of privileges via ap_exprEPSS 0.7%CVE-2022-21593HIGHVulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affeEPSS 0.6%CVE-2026-29168HIGHApache HTTP Server: mod_md unrestricted OCSP responseEPSS 0.6%CVE-2014-125098MEDIUMDart http_server Directory Listing virtual_directory.dart VirtualDirectory cross site scriptingEPSS 0.6%CVE-2026-29169HIGHApache HTTP Server: mod_dav_lock indirect lock crashEPSS 0.6%CVE-2026-24469HIGHC++ HTTP Server has Critical Path Traversal Vulnerability in RequestHandler Allowing Arbitrary File ReadEPSS 0.6%CVE-2024-20991MEDIUMVulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affecEPSS 0.6%CVE-2025-66200MEDIUMApache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfoEPSS 0.6%CVE-2026-34355HIGHApache HTTP Server: mod_proxy_html buffer overflowEPSS 0.6%CVE-2026-44186HIGHApache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftpEPSS 0.6%CVE-2026-33006MEDIUMApache HTTP Server: mod_auth_digest timing attackEPSS 0.6%CVE-2026-42535CRITICALApache HTTP Server: mod_dav_fs protected directory accessEPSS 0.5%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →