Apache 2.2

Status EOL | Support 2005-12 – 2017-07 | Latest 2.2.34 | Vulnerabilities 92
Critical 10.0
2010-03-05 | ≤ 2.2.14

Critical 9.8 Unfixed
2018-03-26 | ≤ 2.2.34

httpd: Weak Digest auth nonce generation in mod_auth_digest

Critical 9.8
2017-06-20 | < 2.2.34

httpd: mod_mime buffer overread

Critical 9.8
2017-06-20 | < 2.2.33

httpd: mod_ssl NULL pointer dereference

Critical 9.8
2017-06-20 | < 2.2.33

httpd: ap_get_basic_auth_pw() authentication bypass

Critical 9.1
2017-07-13 | < 2.2.34

httpd: Uninitialized memory reflection in mod_auth_digest

High 8.1
2016-07-19 | < 2.2.32

httpd: sets environment variable based on user-supplied Proxy request header

High 7.8
2008-01-12 | < 2.2.7

High 7.8
2011-08-29 | < 2.2.20

httpd: multiple ranges DoS

High 7.6
2006-07-28 | < 2.2.3

High 7.5 Unfixed
0000-00-00 | ≤ 2.2.34

mod_auth_openidc: DoS via empty POST in mod_auth_openidc with OIDCPreservePost enabled

High 7.5
2009-01-22 | ≤ 2.2.6

mod_auth_mysql: character encoding SQL injection flaw

High 7.5 Unfixed
2018-03-26 | ≤ 2.2.34

httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values

High 7.5
2009-06-06 | < 2.2.12

apr-util billion laughs attack

High 7.5
2009-10-13 | < 2.2.14

(apr): Improper pollset feature error handling on Solaris - DoS (hang)

High 7.5
2017-07-27 | < 2.2.32

httpd: Apache HTTP Request Parsing Whitespace Defects

High 7.5
2017-06-20 | = 2.2.32

httpd: ap_find_token() buffer overread

High 7.5
2017-09-18 | < 2.2.35

httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)

High 7.4 Unfixed
2025-07-10 | ≤ 2.2.34

Apache HTTP Server: mod_ssl TLS upgrade attack

High 7.1
2009-07-10 | < 2.2.12

httpd: possible temporary DoS (CPU consumption) in mod_deflate

High 7.1
2009-07-05 | < 2.2.12

httpd: mod_proxy reverse proxy DoS (infinite loop)

Medium 6.9
2012-04-18 | < 2.2.23

httpd: insecure handling of LD_LIBRARY_PATH in envvars

Medium 6.8
2006-10-16 | ≤ 2.2.3

Medium 6.8
2014-07-20 | < 2.2.29

httpd: mod_status heap-based buffer overflow

Medium 6.5
2018-07-26 | = 2.2.15

httpd: # character matches all IPs

Medium 6.4
2009-06-06 | < 2.2.12

apr-util single NULL byte buffer overflow

Medium 6.2
2007-04-13 | = 2.2.3

Medium 6.1
2007-09-14 | < 2.2.6

mod_autoindex XSS

Medium 6.1
2018-08-14 | < 2.2.32

mod_userdir CRLF injection

Medium 5.8
2009-11-09 | ≤ 2.2.14

TLS: MITM attacks via session renegotiation

Medium 5.4
2006-01-06 | < 2.2.2

security flaw

Medium 5.1
2013-06-10 | < 2.2.25

httpd: mod_rewrite allows terminal escape sequences to be written to the log file

Medium 5.0
2011-12-27 | ≤ 2.2.14

httpd: Apache Slowloris denial of service

Medium 5.0
2014-04-15 | ≤ 2.2.27

httpd: bypass of mod_headers rules via chunked requests

Medium 5.0
2007-08-23 | < 2.2.6

httpd: out of bounds read

Medium 5.0
2007-06-27 | < 2.2.6

httpd mod_cache segfault

Medium 5.0
2007-06-04 | < 2.2.6

Medium 5.0
2008-06-13 | < 2.2.9

httpd: mod_proxy_http DoS via excessive interim responses from the origin server

Medium 5.0
2010-08-05 | = 2.2.9

httpd: Reverse proxy sends wrong responses after time-outs

Medium 5.0
2009-04-23 | = 2.2.11

httpd mod_proxy_ajp information disclosure

Medium 5.0
2009-09-08 | < 2.2.14

httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header

Medium 5.0
2010-03-05 | < 2.2.15

httpd: mod_proxy_ajp remote temporary DoS

Medium 5.0
2010-06-18 | ≥ 2.2.9 and ≤ 2.2.15

(mod_proxy): Sensitive response disclosure due to improper handling of timeouts

Medium 5.0
2010-07-28 | < 2.2.16

mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments

Medium 5.0
2010-10-04 | < 2.2.17

apr-util: high memory consumption in apr_brigade_split_line()

Medium 5.0
2009-11-03 | ≥ 2.2.0 and < 2.2.17

expat: buffer over-read and crash on XML with malformed UTF-8 sequences

Medium 5.0
2009-12-04 | < 2.2.17

expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences

Medium 5.0
2012-11-30 | ≥ 2.2.12 and ≤ 2.2.21

httpd: mod_proxy_ajp worker moved to error state when timeout exceeded

Medium 5.0
2011-10-05 | < 2.2.22

httpd: reverse web proxy vulnerability

Medium 5.0
2014-03-18 | < 2.2.27

httpd: mod_log_config does not properly handle logging certain cookies resulting in DoS

Medium 5.0
2014-03-18 | < 2.2.27

httpd: mod_dav denial of service via crafted DAV WRITE request

Medium 5.0
2014-07-20 | < 2.2.29

httpd: mod_cgid denial of service

Medium 4.9
2007-06-20 | = 2.2.4

Medium 4.9
2009-05-28 | < 2.2.12

httpd: AllowOverride Options=IncludesNoExec allows Options Includes

Medium 4.7
2007-06-20 | < 2.2.6

httpd scoreboard lack of PID protection

Medium 4.6
2012-01-18 | < 2.2.22

httpd: possible crash on shutdown due to flaw in scoreboard handling

Medium 4.4
2007-04-13 | = 2.2.3

Medium 4.4
2011-11-08 | ≤ 2.2.21

httpd: ap_pregsub Integer overflow to buffer overflow

Medium 4.3
2006-08-14 | ≥ 2.2.2 and ≤ 2.2.3

Medium 4.3
2007-12-21 | = 2.2.6

When document is on smbfs, a trailing backslash at the end of file name bypasses content type match

Medium 4.3
2008-01-25 | < 2.2.23

httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled

Medium 4.3
2007-12-03 | ≤ 2.2.4

httpd: Garbage before HTTP method name is not escaped in a reply in case of erroneous request

Medium 4.3
2008-05-13 | ≤ 2.2.4

httpd: XSS via UTF-7 encoded URLs on the 403 Forbidden error page

Medium 4.3
2011-05-24 | = 2.2.18

apr: DoS flaw in apr_fnmatch() due to fix for CVE-2011-0419

Medium 4.3
2011-11-30 | < 2.2.18

httpd: HTTP 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix

Medium 4.3
2005-12-13 | < 2.2.0

httpd cross-site scripting flaw in mod_imap

Medium 4.3
2007-06-27 | < 2.2.6

httpd mod_status XSS

Medium 4.3
2008-01-12 | < 2.2.8

mod_proxy_ftp XSS

Medium 4.3
2008-01-08 | < 2.2.7

apache mod_status cross-site scripting

Medium 4.3
2007-12-13 | < 2.2.8

httpd: mod_imagemap XSS

Medium 4.3
2008-01-12 | < 2.2.9

mod_proxy_balancer: mod_proxy_balancer CSRF

Medium 4.3
2008-08-06 | < 2.2.10

httpd: mod_proxy_ftp globbing XSS

Medium 4.3
2009-06-06 | < 2.2.12

apr-util heap buffer underwrite

Medium 4.3
2010-03-05 | < 2.2.15

httpd: request header information leak

Medium 4.3
2011-05-16 | < 2.2.19

apr: unconstrained recursion in apr_fnmatch

Medium 4.3
2011-09-19 | ≥ 2.2.12 and ≤ 2.2.20

httpd: mod_proxy_ajp remote temporary DoS

Medium 4.3
2012-01-28 | < 2.2.22

httpd: cookie exposure due to error responses

Medium 4.3
2011-11-30 | ≤ 2.2.21

httpd: URI scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix

Medium 4.3
2013-02-26 | < 2.2.24

httpd: XSS flaw in mod_proxy_balancer manager interface

Medium 4.3
2013-02-26 | < 2.2.24

httpd: multiple XSS flaws due to unescaped hostnames

Medium 4.3
2013-07-10 | < 2.2.25

httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav

Medium 4.3
2014-07-20 | < 2.2.29

httpd: mod_deflate denial of service

Medium 4.0
2008-01-08 | < 2.2.8

httpd mod_proxy_balancer crash

Low 3.7
2007-04-13 | = 2.2.3

Low 3.7
2015-07-20 | < 2.2.31

httpd: HTTP request smuggling attack against chunked request parser

Low 3.5
2008-01-08 | < 2.2.8

httpd mod_proxy_balancer cross-site scripting

Low 2.6
2008-01-25 | < 2.2.12

httpd: mod_negotiation CRLF injection via untrusted file names in directories with MultiViews enabled

Low 2.6
2009-09-08 | < 2.2.14

httpd: NULL pointer dereference in mod_proxy_ftp caused by crafted EPSV and PASV reply

Low 2.6
2012-01-28 | ≥ 2.2.17 and ≤ 2.2.21

httpd: NULL pointer dereference crash in mod_log_config

Low 2.6
2012-08-22 | < 2.2.23

httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled

Low 1.2
2011-11-08 | ≤ 2.2.21

httpd: SetEnvIf resource exhaustion

N/A
2009-08-06 | < 2.2.13