Every CVE whose affected-product data names Ibm Http Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2004-0492 — CVSS 10.0 (critical): Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service…
CVE-2012-5955 — CVSS 10.0 (critical): Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers…
CVE-2010-0425 — CVSS 10.0 (critical): modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7…
CVE-2026-9170 — CVSS 9.8 (critical): IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service and a potential remote code execution due to improper input validation.
CVE-2015-4947 — CVSS 9.0 (critical): Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x…
CVE-2026-8855 — CVSS 8.1 (high): IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication…
CVE-2026-8834 — CVSS 8.0 (high): IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could…
CVE-2026-8856 — CVSS 7.7 (high): IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server…
CVE-2000-1168 — CVSS 7.5 (high): IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a…
CVE-2004-1082 — CVSS 7.5 (high): mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows…
CVE-2023-32342 — CVSS 7.5 (high): IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption…
CVE-2026-8850 — CVSS 7.5 (high): IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.
CVE-2026-8854 — CVSS 7.5 (high): IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.
CVE-2026-8835 — CVSS 7.3 (high): IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server…
CVE-2004-0493 — CVSS 6.4 (medium): The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and…
CVE-2026-8852 — CVSS 6.2 (medium): IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module.
CVE-2023-26281 — CVSS 5.9 (medium): IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially…
CVE-2004-0263 — CVSS 5.0 (medium): PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache…
CVE-2001-0122 — CVSS 5.0 (medium): Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows…
CVE-2000-0505 — CVSS 5.0 (medium): The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a…
CVE-2002-1822 — CVSS 5.0 (medium): IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which…
CVE-2011-1360 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and…