Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Apache HTTP Server — Vulnerabilities & Security Advisories 120

All 120 CVE vulnerabilities found in Apache HTTP Server, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

CVE IDTitleCVSSSeverityPublished
CVE-2024-38476 Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect CWE-829 9.1AICriticalAI2024-07-01
CVE-2024-38475 Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. CWE-116 9.8AICriticalAI2024-07-01
CVE-2024-38474 Apache HTTP Server weakness with encoded question marks in backreferences CWE-116 9.8AICriticalAI2024-07-01
CVE-2024-38473 Apache HTTP Server proxy encoding problem CWE-116 9.8AICriticalAI2024-07-01
CVE-2024-38472 Apache HTTP Server on WIndows UNC SSRF CWE-918 7.5AIHighAI2024-07-01
CVE-2024-36387 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 CWE-476 7.5AIHighAI2024-07-01
CVE-2024-27316 Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames CWE-770 7.5 -2024-04-04
CVE-2024-24795 Apache HTTP Server: HTTP Response Splitting in multiple modules CWE-113 9.1 -2024-04-04
CVE-2023-38709 Apache HTTP Server: HTTP response splitting 7.5 -2024-04-04
CVE-2023-31122 Apache HTTP Server: mod_macro buffer over-read CWE-125 7.5 -2023-10-23
CVE-2023-43622 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 CWE-400 7.5 -2023-10-23
CVE-2023-45802 Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST CWE-404 5.9 -2023-10-23
CVE-2023-27522 Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting CWE-444 5.3 -2023-03-07
CVE-2023-25690 Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy CWE-444 6.5 -2023-03-07
CVE-2022-37436 Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting CWE-113 7.5 -2023-01-17
CVE-2022-36760 Apache HTTP Server: mod_proxy_ajp Possible request smuggling CWE-444 3.7 -2023-01-17
CVE-2006-20001 Apache HTTP Server: mod_dav out of bounds read, or write of zero byte CWE-787 7.5 -2023-01-17
CVE-2022-31813 mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism CWE-348 9.8 -2022-06-08
CVE-2022-30556 Information Disclosure in mod_lua with websockets CWE-200--2022-06-08
CVE-2022-30522 mod_sed denial of service CWE-789 7.5 -2022-06-08
CVE-2022-29404 Denial of service in mod_lua r:parsebody CWE-770 7.5 -2022-06-08
CVE-2022-28615 Read beyond bounds in ap_strcmp_match() CWE-190 9.1 -2022-06-08
CVE-2022-28614 read beyond bounds via ap_rwrite() CWE-190 5.3 -2022-06-08
CVE-2022-28330 read beyond bounds in mod_isapi CWE-125 5.3 -2022-06-08
CVE-2022-26377 mod_proxy_ajp: Possible request smuggling CWE-444 3.7 -2022-06-08
CVE-2022-23943 mod_sed: Read/write beyond bounds CWE-787 9.1 -2022-03-14
CVE-2022-22721 core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody CWE-190 9.1 -2022-03-14
CVE-2022-22720 HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier CWE-444 9.8 -2022-03-14
CVE-2022-22719 mod_lua Use of uninitialized value of in r:parsebody CWE-665 7.5 -2022-03-14
CVE-2021-44224 Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier CWE-476 8.2 -2021-12-20

All 120 known CVE vulnerabilities affecting Apache HTTP Server with full Chinese analysis, references, and POCs where available.