httpd vulnerabilities

Known vulnerabilities in the httpd package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Improper Output Neutralization for Logs	<0:2.4.63-1.el10_0.2
M Improper Access Control	<0:2.4.63-1.el10_0.2
M Improper Authentication	<0:2.4.63-1.el10_0.2
M HTTP Response Splitting	*
M HTTP Response Splitting	*
M Reachable Assertion	*
M Server-Side Request Forgery (SSRF)	*
M Server-Side Request Forgery (SSRF)	*
M Memory Leak	*
M Memory Leak	*
H Improper Input Validation	*
M Resource Exhaustion	*
M HTTP Response Splitting	*
M HTTP Response Splitting	*
M HTTP Response Splitting	*
M HTTP Response Splitting	*
L Use After Free	*
L HTTP Request Smuggling	*
L Out-of-bounds Read	*
H Out-of-bounds Write	*
H HTTP Request Smuggling	*
L Improper Input Validation	*
L Improper Input Validation	*
L Improper Input Validation	*
H NULL Pointer Dereference	*
M Improper Input Validation	*
H Improper Encoding or Escaping of Output	*
H Inclusion of Functionality from Untrusted Control Sphere	*
M Improper Encoding or Escaping of Output	*
M Out-of-bounds Read	*
M Out-of-bounds Read	*
M Out-of-bounds Read	*
M Out-of-bounds Write	*
H Out-of-bounds Write	*
M Server-Side Request Forgery (SSRF)	*
M Out-of-bounds Write	*
M NULL Pointer Dereference	*
M NULL Pointer Dereference	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Improper Access Control	*
L Path Equivalence	*
L Authentication Bypass by Primary Weakness	*
M Improper Input Validation	*
M Use After Free	*
H Missing Initialization of a Variable	*
M Out-of-bounds Read	*
M Out-of-bounds Read	*
M Out-of-bounds Read	*
L Out-of-bounds Write	*
L Out-of-bounds Write	*
M NULL Pointer Dereference	*
M NULL Pointer Dereference	*
M NULL Pointer Dereference	*
M Improper Authentication	*
M Improper Authentication	*
M Improper Authentication	*
M Improper Input Validation	*
M HTTP Response Splitting	*
M HTTP Response Splitting	*
M HTTP Response Splitting	*
M Improper Authentication	*
L Link Following	*
M CVE-2007-1863	<0:2.0.59-1.el4s1.7
M Out-of-bounds Read	<0:2.0.59-1.el4s1.8
M Cross-site Scripting (XSS)	<0:2.0.59-1.el4s1.7
M CVE-2007-3304	<0:2.0.59-1.el4s1.7
M Cross-site Scripting (XSS)	<0:2.0.59-1.el4s1.10
L Cross-site Scripting (XSS)	*
L Cross-site Scripting (XSS)	<0:2.0.59-1.el4s1.10
L Cross-site Scripting (XSS)	<0:2.0.59-1.el4s1.10
L Cross-site Scripting (XSS)	*
L Integer Overflow or Wraparound	*
L Integer Overflow or Wraparound	*
L CVE-2013-1862	*
M CVE-2013-1896	*
M Out-of-Bounds	*
M Out-of-Bounds	*
M Out-of-Bounds	*
L Out-of-bounds Read	*
L Out-of-bounds Read	*
M Encoding Error	*
M Encoding Error	*
M Encoding Error	*
M Resource Management Errors	*
M Resource Exhaustion	*
H Heap-based Buffer Overflow	*
M NULL Pointer Dereference	*
L Improper Authentication	*
L Improper Authentication	*
L Improper Authentication	*
L Improper Authentication	*
L CVE-2012-0883	*
M CVE-2012-0053	*
M CVE-2012-0053	*
L Cross-site Scripting (XSS)	<0:2.0.59-1.el4s1.8
M Allocation of Resources Without Limits or Throttling	*
M Access Restriction Bypass	<0:2.0.63-2.el4s1.2
H Execution with Unnecessary Privileges	*
M Resource Exhaustion	*
M Use After Free	*
M Use After Free	*
H Resource Exhaustion	*
H Resource Exhaustion	*
H Resource Exhaustion	*
H Resource Exhaustion	<0:2.2.3-22.el5_3.3
H Resource Exhaustion	<0:2.0.46-78.ent
M Improper Input Validation	*
M Improper Input Validation	*
L Open Redirect	*
L Cross-site Scripting (XSS)	*
M Use of Uninitialized Resource	*
H Resource Exhaustion	*
M Insufficient Verification of Data Authenticity	*
L HTTP Response Splitting	*
L HTTP Response Splitting	*

Vulnerability

Vulnerable Version

Improper Output Neutralization for Logs

<0:2.4.63-1.el10_0.2

Improper Access Control

<0:2.4.63-1.el10_0.2

Improper Authentication

<0:2.4.63-1.el10_0.2

HTTP Response Splitting