Exposição de Apache HTTP Server
Web servers536
score de exposição
1.583.700
sites usam
5
em exploração
16
críticos
CVEs
169 resultadosCVE-2019-0196—A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to aEPSS 19.3%CVE-2022-26377—mod_proxy_ajp: Possible request smugglingEPSS 18.9%CVE-2017-15710—In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the EPSS 18.2%CVE-2019-0220—A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slasEPSS 17.9%CVE-2018-1333—DoS for HTTP/2 connections by crafted requestsEPSS 17.1%CVE-2019-0217—In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a userEPSS 16.6%CVE-2019-10082—In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed,EPSS 16.5%CVE-2018-1312—In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not coEPSS 15.9%CVE-2018-1301—A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size liEPSS 15.6%CVE-2019-10081—HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the EPSS 14.6%CVE-2018-1302—When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer poEPSS 13.4%CVE-2016-8743—Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response liEPSS 13.3%CVE-2020-13938—Improper Handling of Insufficient PrivilegesEPSS 11.8%CVE-2019-0215—In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 EPSS 10.5%CVE-2026-49975HIGHApache HTTP Server: mod_http2 denial of serviceEPSS 10.4%CVE-2018-1283—In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the defaEPSS 10.1%CVE-2017-9789—When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has beenEPSS 9.5%CVE-2019-0197—A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 oEPSS 8.4%CVE-2020-11985—IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewEPSS 5.9%CVE-2022-28615CRITICALRead beyond bounds in ap_strcmp_match()EPSS 5.7%
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →