Every CVE whose affected-product data names Apache Http Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2003-0789 — CVSS 10.0 (critical): mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send…
CVE-2004-0492 — CVSS 10.0 (critical): Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service…
CVE-1999-1237 — CVSS 10.0 (critical): Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows…
CVE-2010-0425 — CVSS 10.0 (critical): modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7…
CVE-1999-1293 — CVSS 10.0 (critical): mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache…
CVE-1999-1199 — CVSS 10.0 (critical): Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME…
CVE-2005-2700 — CVSS 10.0 (critical): ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not…
CVE-2017-7679 — CVSS 9.8 (critical): In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious…
CVE-2009-3555 — CVSS 9.8 (critical): The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in…
CVE-2024-38476 — CVSS 9.8 (critical): Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via…
CVE-2024-38474 — CVSS 9.8 (critical): Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories…
CVE-2023-25690 — CVSS 9.8 (critical): Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are…
CVE-2022-31813 — CVSS 9.8 (critical): Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header…
CVE-2022-23943 — CVSS 9.8 (critical): Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker…
CVE-2001-0766 — CVSS 9.8 (critical): Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains…
CVE-2022-22720 — CVSS 9.8 (critical): Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing…
CVE-2021-44790 — CVSS 9.8 (critical): A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The…
CVE-2026-44631 — CVSS 9.8 (critical): Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP…
CVE-2026-29167 — CVSS 9.8 (critical): Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from…
CVE-2026-28780 — CVSS 9.8 (critical): Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this…
CVE-2021-39275 — CVSS 9.8 (critical): ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these…
CVE-2021-26691 — CVSS 9.8 (critical): In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
CVE-2018-1312 — CVSS 9.8 (critical): In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not…
CVE-2017-3169 — CVSS 9.8 (critical): In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call…
CVE-2017-3167 — CVSS 9.8 (critical): In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the…
CVE-2026-42535 — CVSS 9.1 (critical): A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property…
CVE-2019-10082 — CVSS 9.1 (critical): In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being…
CVE-2025-23048 — CVSS 9.1 (critical): In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible…
CVE-2017-9788 — CVSS 9.1 (critical): In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not…
CVE-2022-28615 — CVSS 9.1 (critical): Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with…
CVE-2022-22721 — CVSS 9.1 (critical): If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens…
CVE-2022-36760 — CVSS 9.0 (critical): Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an…
CVE-2026-24072 — CVSS 8.8 (high): An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the…
CVE-2026-23918 — CVSS 8.8 (high): Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66…
CVE-2025-58098 — CVSS 8.3 (high): Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query…
CVE-2021-44224 — CVSS 8.2 (high): A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for…
CVE-2017-15715 — CVSS 8.1 (high): In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename…
CVE-2024-38473 — CVSS 8.1 (high): Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend…
CVE-2016-5387 — CVSS 8.1 (high): The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of…
CVE-2007-0086 — CVSS 7.8 (high): The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of…
CVE-2007-6423 — CVSS 7.8 (high): Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote…
CVE-2002-2272 — CVSS 7.8 (high): Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service…
CVE-2011-3192 — CVSS 7.8 (high): The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a…
CVE-2004-0940 — CVSS 7.8 (high): Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to…
CVE-2004-0747 — CVSS 7.8 (high): Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow…
CVE-2006-3747 — CVSS 7.6 (high): Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions…
CVE-2021-31618 — CVSS 7.5 (high): Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for…
CVE-1999-1053 — CVSS 7.5 (high): guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to…
CVE-2001-1449 — CVSS 7.5 (high): The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers…
CVE-2002-0061 — CVSS 7.5 (high): Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell…
CVE-2002-0257 — CVSS 7.5 (high): Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other…
CVE-2002-0392 — CVSS 7.5 (high): Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute…
CVE-2002-0661 — CVSS 7.5 (high): Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files…
CVE-2002-0843 — CVSS 7.5 (high): Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a…
CVE-2002-1850 — CVSS 7.5 (high): mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory…
CVE-2002-2029 — CVSS 7.5 (high): PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and…
CVE-2003-0016 — CVSS 7.5 (high): Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service…
CVE-2003-0987 — CVSS 7.5 (high): mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
CVE-2003-0993 — CVSS 7.5 (high): mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP…
CVE-2004-0174 — CVSS 7.5 (high): Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to…
CVE-2004-0488 — CVSS 7.5 (high): Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust…
CVE-2004-0811 — CVSS 7.5 (high): Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to…
CVE-2004-0885 — CVSS 7.5 (high): The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows…
CVE-2004-1082 — CVSS 7.5 (high): mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows…
CVE-2005-1344 — CVSS 7.5 (high): Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest…
CVE-2006-20001 — CVSS 7.5 (high): A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the…
CVE-2009-1955 — CVSS 7.5 (high): The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn…
CVE-2009-2699 — CVSS 7.5 (high): The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as…
CVE-2013-2249 — CVSS 7.5 (high): mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without…
CVE-2016-0736 — CVSS 7.5 (high): In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with…
CVE-2016-2161 — CVSS 7.5 (high): In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance…
CVE-2016-4979 — CVSS 7.5 (high): The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient…
CVE-2016-8740 — CVSS 7.5 (high): The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not…
CVE-2016-8743 — CVSS 7.5 (high): Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response…
CVE-2017-15710 — CVSS 7.5 (high): In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the…
CVE-2017-7659 — CVSS 7.5 (high): A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash…
CVE-2017-7668 — CVSS 7.5 (high): The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows…
CVE-2017-9789 — CVSS 7.5 (high): When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has…
CVE-2017-9798 — CVSS 7.5 (high): Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file…
CVE-2018-1303 — CVSS 7.5 (high): A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while…
CVE-2018-1333 — CVSS 7.5 (high): By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a…
CVE-2018-17199 — CVSS 7.5 (high): In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes…
CVE-2018-8011 — CVSS 7.5 (high): By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault…
CVE-2019-0190 — CVSS 7.5 (high): A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause…
CVE-2019-0215 — CVSS 7.5 (high): In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3…
CVE-2019-0217 — CVSS 7.5 (high): In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a…
CVE-2019-10081 — CVSS 7.5 (high): HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the…
CVE-2019-9517 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The…
CVE-2020-11993 — CVSS 7.5 (high): Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns…
CVE-2020-13950 — CVSS 7.5 (high): Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests…
CVE-2020-9490 — CVSS 7.5 (high): Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a…
CVE-2021-26690 — CVSS 7.5 (high): Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference…
CVE-2021-33193 — CVSS 7.5 (high): A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache…
CVE-2021-34798 — CVSS 7.5 (high): Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-36160 — CVSS 7.5 (high): A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects…
CVE-2021-41524 — CVSS 7.5 (high): While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source…
CVE-2022-22719 — CVSS 7.5 (high): A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache…
CVE-2022-26377 — CVSS 7.5 (high): Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an…
CVE-2022-29404 — CVSS 7.5 (high): In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due…
CVE-2022-30522 — CVSS 7.5 (high): If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large…
CVE-2022-30556 — CVSS 7.5 (high): Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage…
CVE-2023-27522 — CVSS 7.5 (high): HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through…
CVE-2023-31122 — CVSS 7.5 (high): Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.
CVE-2023-43622 — CVSS 7.5 (high): An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in…
CVE-2024-27316 — CVSS 7.5 (high): HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a…
CVE-2024-38472 — CVSS 7.5 (high): SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or…
CVE-2024-38477 — CVSS 7.5 (high): null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious…
CVE-2024-39573 — CVSS 7.5 (high): Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly…
CVE-2024-40898 — CVSS 7.5 (high): SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious…
CVE-2024-42516 — CVSS 7.5 (high): HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of…
CVE-2024-43204 — CVSS 7.5 (high): SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker…
CVE-2024-43394 — CVSS 7.5 (high): Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via…
CVE-2024-47252 — CVSS 7.5 (high): Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to…
CVE-2025-3891 — CVSS 7.5 (high): A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial…
CVE-2025-49630 — CVSS 7.5 (high): In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered…
CVE-2025-53020 — CVSS 7.5 (high): Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up…
CVE-2025-55753 — CVSS 7.5 (high): An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations)…
CVE-2025-59775 — CVSS 7.5 (high): Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows…
CVE-2026-29169 — CVSS 7.5 (high): A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a…
CVE-2026-34059 — CVSS 7.5 (high): Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to…
CVE-2026-34355 — CVSS 7.5 (high): A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are…
CVE-2026-34356 — CVSS 7.5 (high): Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue…
CVE-2026-42536 — CVSS 7.5 (high): Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects…
CVE-2026-49975 — CVSS 7.5 (high): Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP…
CVE-2025-49812 — CVSS 7.4 (high): In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a…
CVE-2026-29168 — CVSS 7.3 (high): Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue…
CVE-2026-44186 — CVSS 7.3 (high): Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker…
CVE-2026-44185 — CVSS 7.3 (high): Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects…
CVE-2026-48913 — CVSS 7.3 (high): Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP…
CVE-2020-35452 — CVSS 7.3 (high): Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no…
CVE-2023-38709 — CVSS 7.3 (high): Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This…
CVE-2019-10097 — CVSS 7.2 (high): In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY"…
CVE-2004-2343 — CVSS 7.2 (high): Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives…
CVE-2003-0542 — CVSS 7.2 (high): Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration…
CVE-2002-0839 — CVSS 7.2 (high): The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1…
CVE-2009-1890 — CVSS 7.1 (high): The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is…
CVE-2009-1891 — CVSS 7.1 (high): The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network…
CVE-2012-0883 — CVSS 6.9 (medium): envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows…
CVE-2002-0840 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when…
CVE-2014-0226 — CVSS 6.8 (medium): Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service…
CVE-2006-4154 — CVSS 6.8 (medium): Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via…
CVE-2010-0010 — CVSS 6.8 (medium): Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit…
CVE-2025-65082 — CVSS 6.5 (medium): Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the…
CVE-2017-12171 — CVSS 6.5 (medium): A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny"…
CVE-2026-43951 — CVSS 6.5 (medium): Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects…
CVE-2026-33523 — CVSS 6.5 (medium): HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue…
CVE-2003-0192 — CVSS 6.4 (medium): Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory…
CVE-2009-1956 — CVSS 6.4 (medium): Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to…
CVE-2004-0493 — CVSS 6.4 (medium): The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and…
CVE-2024-24795 — CVSS 6.3 (medium): HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into…
CVE-2025-54090 — CVSS 6.3 (medium): A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to…
CVE-2024-39884 — CVSS 6.2 (medium): A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers…
CVE-2007-1741 — CVSS 6.2 (medium): Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local…
CVE-2019-10092 — CVSS 6.1 (medium): In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could…
CVE-2019-10098 — CVSS 6.1 (medium): In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by…
CVE-2026-29170 — CVSS 6.1 (medium): A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when…
CVE-2016-4975 — CVSS 6.1 (medium): Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made…
CVE-2007-4465 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated…
CVE-2020-1927 — CVSS 6.1 (medium): In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by…
CVE-2018-1302 — CVSS 5.9 (medium): When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer…
CVE-2018-11763 — CVSS 5.9 (medium): In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and…
CVE-2023-45802 — CVSS 5.9 (medium): When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed…
CVE-2016-1546 — CVSS 5.9 (medium): The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single…
CVE-2018-1301 — CVSS 5.9 (medium): A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size…
CVE-2026-44119 — CVSS 5.5 (medium): Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the…
CVE-2005-3357 — CVSS 5.4 (medium): mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote…
CVE-2024-36387 — CVSS 5.4 (medium): Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server…
CVE-2025-66200 — CVSS 5.4 (medium): mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader…
CVE-2019-17567 — CVSS 5.3 (medium): Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server…
CVE-2022-28614 — CVSS 5.3 (medium): The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect…
CVE-2022-28330 — CVSS 5.3 (medium): Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
CVE-2026-34032 — CVSS 5.3 (medium): Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66…
CVE-2018-1283 — CVSS 5.3 (medium): In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the…
CVE-2018-17189 — CVSS 5.3 (medium): In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that…
CVE-2020-11985 — CVSS 5.3 (medium): IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain…
CVE-2019-0196 — CVSS 5.3 (medium): A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to…
CVE-2026-33857 — CVSS 5.3 (medium): Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are…
CVE-2024-40725 — CVSS 5.3 (medium): A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration…
CVE-2026-33007 — CVSS 5.3 (medium): A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash…
CVE-2019-0220 — CVSS 5.3 (medium): A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive…
CVE-2022-37436 — CVSS 5.3 (medium): Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers…
CVE-2020-1934 — CVSS 5.3 (medium): In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2013-1862 — CVSS 5.1 (medium): mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing…
CVE-2009-1191 — CVSS 5.0 (medium): mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data…
CVE-2001-0042 — CVSS 5.0 (medium): PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded…
CVE-2009-3095 — CVSS 5.0 (medium): The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary…
CVE-2003-0134 — CVSS 5.0 (medium): Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of…