Apache Http Server vulnerabilities

CVE-2017-7679 [CRITICAL] CWE-126 CVE-2017-7679: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

CVE-2017-7668 [HIGH] CWE-126 CVE-2017-7668: The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token li The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

CVE-2016-8740 [HIGH] CWE-20 CVE-2016-8740: The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configurati The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.

CVE-2016-5387 [HIGH] CVE-2016-5387: The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka

CVE-2016-4979 [HIGH] CWE-284 CVE-2016-4979: The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not prope The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renego

CVE-2016-1546 [MEDIUM] CWE-399 CVE-2016-1546: The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of si The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.

CVE-2015-0253 [MEDIUM] CVE-2015-0253: The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initia The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400

CVE-2015-3183 [MEDIUM] CWE-17 CVE-2015-3183: The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

CVE-2015-3185 [MEDIUM] CWE-264 CVE-2015-3185: The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the pres

CVE-2015-0228 [MEDIUM] CWE-20 CVE-2015-0228: The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server thr The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

CVE-2014-8109 [MEDIUM] CWE-863 CVE-2014-8109: mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not su mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multi

CVE-2014-3583 [MEDIUM] CWE-119 CVE-2014-3583: The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Serv The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

CVE-2014-3581 [MEDIUM] CWE-476 CVE-2014-3581: The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Ap The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

CVE-2014-0117 [MEDIUM] CWE-20 CVE-2014-0117: The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.

CVE-2014-3523 [MEDIUM] CWE-399 CVE-2014-3523: Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.

CVE-2014-0226 [MEDIUM] CWE-362 CVE-2014-0226: Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attack Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/

CVE-2014-0231 [MEDIUM] CWE-399 CVE-2014-0231: The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

CVE-2013-4352 [MEDIUM] CVE-2013-4352: The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.

CVE-2014-0118 [MEDIUM] CWE-400 CVE-2014-0118: The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.

CVE-2013-5704 [MEDIUM] CVE-2013-5704: The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHe The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."