Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Apache HTTP Server — Vulnerabilities & Security Advisories 109

All 109 CVE vulnerabilities found in Apache HTTP Server, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

CVE IDTitleCVSSSeverityPublished
CVE-2023-45802 Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST CWE-404 5.9 -2023-10-23
CVE-2023-27522 Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting CWE-444 5.3 -2023-03-07
CVE-2023-25690 Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy CWE-444 6.5 -2023-03-07
CVE-2022-37436 Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting CWE-113 7.5 -2023-01-17
CVE-2022-36760 Apache HTTP Server: mod_proxy_ajp Possible request smuggling CWE-444 3.7 -2023-01-17
CVE-2006-20001 Apache HTTP Server: mod_dav out of bounds read, or write of zero byte CWE-787 7.5 -2023-01-17
CVE-2022-31813 mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism CWE-348 9.8 -2022-06-08
CVE-2022-30556 Information Disclosure in mod_lua with websockets CWE-200--2022-06-08
CVE-2022-30522 mod_sed denial of service CWE-789 7.5 -2022-06-08
CVE-2022-29404 Denial of service in mod_lua r:parsebody CWE-770 7.5 -2022-06-08
CVE-2022-28615 Read beyond bounds in ap_strcmp_match() CWE-190 9.1 -2022-06-08
CVE-2022-28614 read beyond bounds via ap_rwrite() CWE-190 5.3 -2022-06-08
CVE-2022-28330 read beyond bounds in mod_isapi CWE-125 5.3 -2022-06-08
CVE-2022-26377 mod_proxy_ajp: Possible request smuggling CWE-444 3.7 -2022-06-08
CVE-2022-23943 mod_sed: Read/write beyond bounds CWE-787 9.1 -2022-03-14
CVE-2022-22721 core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody CWE-190 9.1 -2022-03-14
CVE-2022-22720 HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier CWE-444 9.8 -2022-03-14
CVE-2022-22719 mod_lua Use of uninitialized value of in r:parsebody CWE-665 7.5 -2022-03-14
CVE-2021-44224 Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier CWE-476 8.2 -2021-12-20
CVE-2021-44790 Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier CWE-787 9.8 -2021-12-20
CVE-2021-42013 Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) CWE-22 9.8 -2021-10-07
CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 CWE-22 9.1 -2021-10-05
CVE-2021-41524 null pointer dereference in h2 fuzzing CWE-476 7.5 -2021-10-05
CVE-2021-40438 mod_proxy SSRF CWE-918 8.1 -2021-09-16
CVE-2021-39275 ap_escape_quotes buffer overflow 9.8 -2021-09-16
CVE-2021-36160 mod_proxy_uwsgi out of bound read CWE-125 7.5 -2021-09-16
CVE-2021-34798 NULL pointer dereference in httpd core CWE-476 7.5 -2021-09-16
CVE-2021-33193 Request splitting via HTTP/2 method injection and mod_proxy 7.5 -2021-08-16
CVE-2021-31618 NULL pointer dereference on specially crafted HTTP/2 request CWE-476 7.5 -2021-06-15
CVE-2021-30641 Unexpected URL matching with 'MergeSlashes OFF' 5.3 -2021-06-10

All 109 known CVE vulnerabilities affecting Apache HTTP Server with full Chinese analysis, references, and POCs where available.