apache2 (SUSE:Linux Enterprise Server for SAP Applications 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 12 package apache2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2016-5387 — CVSS 8.1 (high): The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of…
CVE-2014-3581 — CVSS 5.0 (medium): The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows…
CVE-2014-8111 — CVSS 5.0 (medium): Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote…
CVE-2013-5704 — CVSS 5.0 (medium): The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a…
CVE-2015-3183 — CVSS 5.0 (medium): The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows…
CVE-2015-0228 — CVSS 5.0 (medium): The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to…
CVE-2015-3185 — CVSS 4.3 (medium): The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require…
CVE-2014-8109 — CVSS 4.3 (medium): mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which…
CVE-2015-4000 — CVSS 3.7 (low): The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a…