Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-5387 | 6.8 |
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an app
|
07-09-2022 - 17:40 | 19-07-2016 - 02:00 | |
CVE-2017-7668 | 5.0 |
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacke
|
21-04-2022 - 14:40 | 20-06-2017 - 01:29 | |
CVE-2017-9798 | 5.0 |
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2
|
06-06-2021 - 11:15 | 18-09-2017 - 15:29 | |
CVE-2017-7679 | 7.5 |
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
|
06-06-2021 - 11:15 | 20-06-2017 - 01:29 | |
CVE-2017-9788 | 6.4 |
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial ke
|
06-06-2021 - 11:15 | 13-07-2017 - 16:29 | |
CVE-2017-3169 | 7.5 |
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
|
06-06-2021 - 11:15 | 20-06-2017 - 01:29 | |
CVE-2017-3167 | 7.5 |
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
|
06-06-2021 - 11:15 | 20-06-2017 - 01:29 | |
CVE-2020-11985 | 4.3 |
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in
|
06-06-2021 - 11:15 | 07-08-2020 - 16:15 |