apache2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the apache2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Integer Overflow or Wraparound	*
L Improper Neutralization	*
L Information Exposure	*
L CVE-2025-66200	*
L Improper Neutralization	<2.4.64-1
L Improper Input Validation	<2.4.64-1
L Improper Encoding or Escaping of Output	<2.4.60-1
L Reachable Assertion	<2.4.64-1
L CVE-2024-39884	<2.4.61-1
L CVE-2023-38709	<2.4.59-1
C Improper Encoding or Escaping of Output	<2.4.60-1
H Allocation of Resources Without Limits or Throttling	<2.4.54-1
L Improper Access Control	<2.4.64-1
L CVE-2024-24795	<2.4.59-1
M CVE-2024-40725	<2.4.62-1
H NULL Pointer Dereference	<2.4.52-1
H NULL Pointer Dereference	<2.4.60-1
H NULL Pointer Dereference	<2.4.49-1
C CVE-2024-38476	<2.4.60-1
C Buffer Overflow	<2.4.49-1
C Out-of-bounds Write	<2.4.46-6
L Improper Authentication	<2.4.64-1
L NULL Pointer Dereference	<2.4.60-1
L Improper Input Validation	<2.4.60-1
L Server-Side Request Forgery (SSRF)	<2.4.64-1
H Resource Exhaustion	<2.4.58-1
C Out-of-bounds Write	<2.4.52-1
H HTTP Request Smuggling	<2.4.54-1
H HTTP Request Smuggling	<2.4.56-1
H Out-of-bounds Read	<2.4.49-1
H Out-of-bounds Read	<2.4.58-1
L Memory Leak	<2.4.64-1
C Server-Side Request Forgery (SSRF)	<2.4.49-1
C HTTP Request Smuggling	<2.4.55-1
H Allocation of Resources Without Limits or Throttling	<2.4.59-1
H NULL Pointer Dereference	<2.4.50-1
C Integer Overflow or Wraparound	<2.4.54-1
H Out-of-bounds Write	<2.4.46-6
L Use of Uninitialized Resource	<2.4.43-1
C Directory Traversal	<2.4.51-1
C Insufficient Verification of Data Authenticity	<2.4.54-1
H NULL Pointer Dereference	<2.4.46-6
H Improper Initialization	<2.4.53-1
M Insufficient Verification of Data Authenticity	<2.4.25-1
H Race Condition	<2.4.38-3
M NULL Pointer Dereference	<2.4.33-1
H Improper Input Validation	<2.4.33-1
H NULL Pointer Dereference	<2.4.46-5
H NULL Pointer Dereference	<2.4.46-6
H Allocation of Resources Without Limits or Throttling	<2.4.54-1
C Integer Overflow or Wraparound	<2.4.53-1
M Open Redirect	<2.4.41-1
M HTTP Request Smuggling	<2.4.38-3
H Improper Input Validation	<2.4.25-4
H CVE-2019-0215	<2.4.38-3
H Allocation of Resources Without Limits or Throttling	<2.4.41-1
H HTTP Request Smuggling	<2.4.46-1
C Improper Encoding or Escaping of Output	<2.4.60-1
H Use After Free	<2.4.38-3
C Use After Free	<2.4.41-1
H HTTP Request Smuggling	<2.4.46-1
H NULL Pointer Dereference	<2.4.34-1
M Use of Incorrectly-Resolved Name or Reference	<2.4.38-3
H CVE-2021-33193	<2.4.48-4
C Buffer Overflow	<2.4.46-1
M Resource Management Errors	<2.4.10-3
M Improper Resource Shutdown or Release	<2.4.58-1
C Improper Authentication	<2.4.25-4
M Resource Management Errors	<2.4.20-1
M HTTP Request Smuggling	<2.4.48-2
H Resource Exhaustion	<2.4.34-1
H Out-of-bounds Write	<2.4.41-1
L Open Redirect	<2.4.43-1
L Resource Exhaustion	<2.4.38-1
H CVE-2019-0190	<2.4.38-1
H Out-of-bounds Write	<2.4.41-1
H Improper Access Control	<2.4.23-1
M HTTP Response Splitting	<2.4.55-1
L Cryptographic Issues	<2.4.1-1
H Use After Free	<2.4.27-6
C Information Exposure	<2.4.27-1
L Improper Input Validation	<2.4.10-10
M CVE-2018-1283	<2.4.33-1
M Integer Overflow or Wraparound	<2.4.54-1
L Session Fixation	<2.4.38-1
C Out-of-bounds Write	<2.4.53-1
M Improper Input Validation	<2.4.9-1
C NULL Pointer Dereference	<2.4.25-4
C HTTP Request Smuggling	<2.4.53-1
H Improper Input Validation	<2.4.25-1
C Improper Authentication	<2.4.33-1
H Improper Data Handling	<2.4.25-1
H Improper Input Validation	<2.4.25-1
H CVE-2022-30556	<2.4.54-1
L Information Exposure	<2.2.9-10
H Cryptographic Issues	<2.4.25-1
C Out-of-Bounds	<2.4.25-4
M Resource Management Errors	<2.2.22-1
M Access Restriction Bypass	<2.4.16-1
C HTTP Request Smuggling	<2.4.56-1
M Resource Management Errors	<2.4.10-1
M Information Exposure	<2.2.15-1
L Incorrect Check of Function Return Value	<2.4.65-1
M Out-of-Bounds	<2.2.16-3
M Access Restriction Bypass	<2.4.10-9
L Resource Management Errors	<2.2.22-1
L CVE-2009-3094	<2.2.13-2
M Race Condition	<2.4.10-1
M Resource Management Errors	<2.4.10-1
L CRLF Injection	<2.4.25-1
L CVE-2012-0216	<2.2.22-4
H CVE-2013-2249	<2.4.6-1
L Out-of-Bounds	<2.4.10-8
M Improper Input Validation	<2.4.10-1
L Cross-site Scripting (XSS)	<2.2.22-13
L Cryptographic Issues	<2.2.22-12
H Directory Traversal	<2.4.50-1
M CVE-2021-30641	<2.4.46-6
M CVE-2018-11763	<2.4.35-1
L Cross-site Scripting (XSS)	<2.2.8-1
H Out-of-bounds Read	<2.4.33-1
L CVE-2007-1863	<2.2.4-1
M Resource Management Errors	<2.2.11-7
L Cross-site Scripting (XSS)	<2.2.22-8
M Out-of-Bounds	<2.4.33-1
L CVE-2010-1452	<2.2.16-1
L Improper Input Validation	<2.4.1-1
M Cross-site Scripting (XSS)	<2.4.41-1
L Cross-site Request Forgery (CSRF)	<2.2.9-1
L CVE-2007-1743	*
L Resource Management Errors	<2.2.9-1
L Resource Management Errors	<2.2.8-1
M Improper Input Validation	<2.2.18-1
H Out-of-bounds Write	<2.4.33-1
H NULL Pointer Dereference	<2.4.25-4
M Use After Free	<2.4.38-3
L Arbitrary Code Injection	*
M CVE-2011-1176	<2.2.17-2
M Numeric Errors	<2.0.55-4.1
L Cross-site Scripting (XSS)	<2.2.8-1
H Resource Management Errors	<2.2.19-2
H Improper Access Control	<2.4.23-2
L CVE-2010-0408	<2.2.15-1
L Cross-site Scripting (XSS)	<2.2.6-3
L CVE-2006-5752	<2.2.4-2
H CVE-2004-0747	<2.0.51
M CVE-2004-1834	<2.0.53-1
L Improper Input Validation	<2.2.11-4
L CVE-2007-3304	<2.2.4-2
L Cross-site Scripting (XSS)	<2.2.9-7
L CVE-2007-3847	<2.2.6-1
L Cross-site Scripting (XSS)	<2.2.8-1
M Access Restriction Bypass	<2.4.10-2
H CVE-2005-1344	<2.0.54-3
L CVE-2009-3095	<2.2.13-2
L Access Restriction Bypass	<2.4.6-1
L CVE-2006-3918	<2.0.55-4.1
L Configuration	<2.2.11-6
M Access Restriction Bypass	<2.2.22-13
L CVE-2007-1742	<2.2.8-5
M Missing Release of Resource after Effective Lifetime	<2.0.45
L Cross-site Scripting (XSS)	<2.2.22-13
M Improper Input Validation	<2.2.21-2
L Resource Exhaustion	*
L Access Restriction Bypass	<2.2.22-1
M Improper Input Validation	<2.4.9-1
L Improper Input Validation	<2.2.22-1
M Resource Management Errors	<2.2.15-3
M Improper Input Validation	<2.4.16-1
M CVE-2003-0189	<2.0.46
M CVE-2002-1593	<2.0.42
M CVE-2005-2728	<2.0.54-5
M CVE-2004-0748	<2.0.51
H CVE-2004-0488	<2.0.50-1
M Numeric Errors	<2.2.21-4
M CVE-2004-0942	<2.0.52-2
L Cross-site Scripting (XSS)	<2.2.8-1
M CVE-2004-0751	<2.0.50-11
L CVE-2013-4352	<2.4.7-1
M Numeric Errors	<2.2.11-7
L Session Fixation	*
H CVE-2004-0885	<2.0.52-2
H Out-of-Bounds	<2.0.48
L Off-by-one Error	<2.0.54-5
M Resource Management Errors	<2.2.21-1
M Improper Input Validation	<2.2.21-3
L CVE-2003-1307	*
H CVE-2002-1850	<2.0.42-1
M CVE-2004-0113	<2.0.52
M CVE-2004-0493	<2.0.50-1
M CVE-2003-0134	<2.0.46
M Resource Management Errors	<2.2.8-4
M Cryptographic Issues	<2.2.14-2
L CVE-2005-3352	<2.0.55-4
L Numeric Errors	*
L CVE-2005-2970	<2.0.55-1
M Cross-site Scripting (XSS)	<2.2.6-1
M CVE-2002-1592	<2.0.36
H CVE-2004-0811	<2.0.52
C CVE-2003-0789	<2.0.48
L Arbitrary Code Injection	*
L Cross-site Scripting (XSS)	<2.2.22-8
M CVE-2003-0253	<2.0.47
H Out-of-bounds Write	<2.4.55-1
M CVE-2002-1156	<2.0.43
L Resource Management Errors	<2.0.55-4
M CVE-2002-0654	<2.0.40
M CVE-2003-0192	<2.0.47
M CVE-2005-2700	<2.0.54-5
L Cross-site Scripting (XSS)	<2.2.8-1
M CVE-2003-0245	<2.0.46
H CVE-2002-0661	<2.0.40
M CVE-2005-2088	<2.0.54-5
M CVE-2003-0254	<2.0.47
M CVE-2003-0020	<2.0.49
M CVE-2004-0786	<2.0.51
M CVE-2004-0809	<2.0.51-1
L Cross-site Scripting (XSS)	*
M CVE-2002-0840	<2.0.43-1
L Race Condition	<2.2.8-5
M CVE-2003-0083	<2.0.46
H CVE-2002-0392	<2.0.37

Vulnerability

Vulnerable Version

Integer Overflow or Wraparound