Max CVSS | 5.0 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-3183 | 5.0 |
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large c
|
14-12-2023 - 14:06 | 20-07-2015 - 23:59 | |
CVE-2014-3581 | 5.0 |
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP
|
07-09-2022 - 17:34 | 10-10-2014 - 10:55 | |
CVE-2013-5704 | 5.0 |
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a s
|
14-04-2022 - 16:47 | 15-04-2014 - 10:55 | |
CVE-2015-3185 | 4.3 |
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote
|
06-06-2021 - 11:15 | 20-07-2015 - 23:59 |