apache2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the apache2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Server-Side Request Forgery (SSRF)	<2.4.66-r0
L Integer Overflow or Wraparound	<2.4.66-r0
L CVE-2025-66200	<2.4.66-r0
L Improper Neutralization	<2.4.66-r0
L Information Exposure	<2.4.66-r0
L Improper Input Validation	<2.4.64-r0
L Improper Authentication	<2.4.64-r0
L Reachable Assertion	<2.4.64-r0
L Server-Side Request Forgery (SSRF)	<2.4.64-r0
L NULL Pointer Dereference	<2.4.60-r0
L CVE-2024-39884	<2.4.61-r0
L Incorrect Check of Function Return Value	<2.4.65-r0
L Server-Side Request Forgery (SSRF)	<2.4.64-r0
L Improper Access Control	<2.4.64-r0
C CVE-2024-38476	<2.4.60-r0
C Improper Encoding or Escaping of Output	<2.4.60-r0
C Improper Encoding or Escaping of Output	<2.4.60-r0
H NULL Pointer Dereference	<2.4.60-r0
L Improper Input Validation	<2.4.60-r0
H Server-Side Request Forgery (SSRF)	<2.4.62-r0
L Improper Neutralization	<2.4.64-r0
L CVE-2024-24795	<2.4.59-r0
M CVE-2024-40725	<2.4.62-r0
H HTTP Request Smuggling	<2.4.56-r0
H Allocation of Resources Without Limits or Throttling	<2.4.59-r0
M Improper Resource Shutdown or Release	<2.4.58-r0
L Improper Encoding or Escaping of Output	<2.4.60-r0
H Resource Exhaustion	<2.4.58-r0
L CVE-2023-38709	<2.4.59-r0
H Out-of-bounds Read	<2.4.58-r0
H Allocation of Resources Without Limits or Throttling	<2.4.54-r0
C HTTP Request Smuggling	<2.4.56-r0
L Memory Leak	<2.4.64-r0
M HTTP Response Splitting	<2.4.55-r0
M Out-of-bounds Read	<2.4.54-r0
H CVE-2022-30556	<2.4.54-r0
C Buffer Overflow	<2.4.49-r0
C Insufficient Verification of Data Authenticity	<2.4.54-r0
M Integer Overflow or Wraparound	<2.4.54-r0
C HTTP Request Smuggling	<2.4.53-r0
C Integer Overflow or Wraparound	<2.4.54-r0
H Improper Initialization	<2.4.53-r0
H CVE-2021-33193	<2.4.49-r0
L CVE-2024-38472	<2.4.60-r0
H Directory Traversal	<2.4.50-r0
H NULL Pointer Dereference	<2.4.49-r0
C Integer Overflow or Wraparound	<2.4.53-r0
C Out-of-bounds Write	<2.4.53-r0
H NULL Pointer Dereference	<2.4.48-r0
H NULL Pointer Dereference	<2.4.48-r0
C Server-Side Request Forgery (SSRF)	<2.4.49-r0
C HTTP Request Smuggling	<2.4.55-r0
H NULL Pointer Dereference	<2.4.50-r0
H Allocation of Resources Without Limits or Throttling	<2.4.54-r0
H Resource Exhaustion	<2.4.48-r0
C Buffer Overflow	<2.4.46-r0
H NULL Pointer Dereference	<2.4.52-r0
C Out-of-bounds Write	<2.4.52-r0
M Missing Authorization	<2.4.48-r0
H HTTP Request Smuggling	<2.4.54-r0
H Out-of-bounds Read	<2.4.49-r0
C Directory Traversal	<2.4.51-r0
M CVE-2021-30641	<2.4.48-r0
H Out-of-bounds Write	<2.4.48-r0
H HTTP Request Smuggling	<2.4.46-r0
M Open Redirect	<2.4.43-r0
H NULL Pointer Dereference	<2.4.48-r0
H HTTP Request Smuggling	<2.4.46-r0
C Out-of-bounds Write	<2.4.48-r0
H Out-of-bounds Write	<2.4.41-r0
H Out-of-bounds Write	<2.4.41-r0
M Use After Free	<2.4.39-r0
M Resource Exhaustion	<2.4.38-r0
H Resource Exhaustion	<2.4.34-r0
M Out-of-Bounds	<2.4.33-r0
M Use of Uninitialized Resource	<2.4.43-r0
M HTTP Request Smuggling	<2.4.39-r0
H CVE-2019-0190	<2.4.38-r0
C Use After Free	<2.4.41-r0
H Session Fixation	<2.4.38-r0
M CVE-2018-11763	<2.4.35-r0
H Race Condition	<2.4.39-r0
H NULL Pointer Dereference	<2.4.34-r0
M Cross-site Scripting (XSS)	<2.4.41-r0
M CVE-2018-1283	<2.4.33-r0
M Open Redirect	<2.4.41-r0
H CVE-2019-0215	<2.4.39-r0
H Out-of-bounds Write	<2.4.33-r0
C Improper Authentication	<2.4.33-r0
H Allocation of Resources Without Limits or Throttling	<2.4.41-r0
C Improper Authentication	<2.4.26-r0
H Improper Input Validation	<2.4.33-r0
H NULL Pointer Dereference	<2.4.26-r0
M NULL Pointer Dereference	<2.4.33-r0
H Out-of-bounds Read	<2.4.33-r0
H Use After Free	<2.4.39-r0
M Use of Incorrectly-Resolved Name or Reference	<2.4.39-r0
H Use After Free	<2.4.27-r1
H Improper Input Validation	<2.4.26-r0
C Out-of-Bounds	<2.4.26-r0
C NULL Pointer Dereference	<2.4.26-r0

Vulnerability

Vulnerable Version

Server-Side Request Forgery (SSRF)

<2.4.66-r0