Search Results (Refine Search)
- CPE Product Version: cpe:/a:apache:http_server:2.4.3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-3523 |
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests. Published: July 20, 2014; 7:12:50 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-0231 |
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. Published: July 20, 2014; 7:12:48 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-0226 |
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. Published: July 20, 2014; 7:12:48 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-0118 |
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. Published: July 20, 2014; 7:12:48 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-5704 |
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." Published: April 15, 2014; 6:55:11 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-0098 |
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. Published: March 18, 2014; 1:18:18 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-6438 |
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. Published: March 18, 2014; 1:18:18 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-2249 |
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors. Published: July 23, 2013; 1:20:43 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-1896 |
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. Published: July 10, 2013; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-4558 |
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. Published: February 26, 2013; 11:55:01 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-3499 |
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. Published: February 26, 2013; 11:55:01 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |