Homepage

apache/httpd vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the https://github.com|apache/httpd package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Server-Side Request Forgery (SSRF)

[,2.4.62)
  • H
Exposure of Resource to Wrong Sphere

[,2.4.62)
  • H
Server-Side Request Forgery (SSRF)

[2.4.0,2.4.60)
  • H
Information Exposure

[,2.4.61)
  • H
Inclusion of Functionality from Untrusted Control Sphere

[2.4.0,2.4.60)
  • M
NULL Pointer Dereference

[2.4.55,2.4.60)
  • C
Improper Encoding or Escaping of Output

[2.4.0,2.4.60)
  • H
Denial of Service (DoS)

[2.4.0,2.4.60)
  • H
Improper Encoding or Escaping of Output

[2.4.0,2.4.60)
  • C
Improper Encoding or Escaping of Output

[2.4.0,2.4.60)
  • M
Improper Input Validation

[2.4.0,2.4.60)
  • H
Uncontrolled Resource Consumption ('Resource Exhaustion')

[,2.4.59)
  • M
Improper Input Validation

[,2.4.59)
  • M
HTTP Response Splitting

[,2.4.59)
  • M
Uncontrolled Resource Consumption ('Resource Exhaustion')

[,2.4.58)
  • M
Out-of-Bounds Read

[,2.4.58)
  • H
Uncontrolled Resource Consumption ('Resource Exhaustion')

[2.4.55,2.4.58)
  • M
HTTP Response Splitting

[,2.4.56)
  • M
HTTP Response Splitting

[2.4.30,2.4.56)
  • H
Out-of-Bounds

[,2.4.55)
  • M
HTTP Request Smuggling

[,2.4.55)
  • M
HTTP Response Splitting

[,2.4.55)
  • H
Server-side Request Forgery (SSRF)

[2.4.7,2.4.52)
  • H
Buffer Overflow

[2.4.7,2.4.52)
  • M
Allocation of Resources Without Limits or Throttling

[,2.4.54)
  • H
Denial of Service (DoS)

[,2.4.54)
  • H
Out-of-Bounds

[,2.4.54)
  • H
Authentication Bypass

[,2.4.54)
  • M
Information Exposure

[,2.4.54)
  • M
Out-of-bounds Read

[,2.4.54)
  • H
Out-of-bounds Read

[,2.4.54)
  • M
HTTP Request Smuggling

[,2.4.54)
  • H
Out-of-bounds Write

[,2.4.53)
  • M
Denial of Service (DoS)

[,2.4.53)
  • H
HTTP Request Smuggling

[,2.4.53)
  • H
Out-of-bounds Write

[,2.4.53)
  • M
Resource Management Errors

[0,2.4.11)
  • M
Improper Input Validation

[,2.2.11]
  • M
Improper Input Validation

[,2.2.15-60]
  • M
Denial of Service (DoS)

[,2.0.54)
  • M
Resource Management Errors

[,2.2.21)
  • H
Authentication Bypass

[,2.4.5)
  • L
Improper Input Validation

[2.0,2.2.21]
  • H
Out-of-bounds Write

[,2.4.41)
  • C
Denial of Service (DoS)

[,1.3)
  • M
Access Restriction Bypass

[2.2.0,2.2.14)
  • L
Cross-site Scripting (XSS)

[,2.2.8-1.fc7)
  • M
Open Redirect

[2.4.0,2.4.40)
  • H
Denial of Service (DoS)

[1.2.2,1.3.24][2.0.0,2.0.37)
  • M
CVE-2003-0192

[,2.0.47)
  • H
Out-of-bounds Write

[,2.4.30)
  • M
Cross-site Scripting (XSS)

[2.4.0,2.4.40)
  • H
Access Restriction Bypass

[,2.0.51]
  • M
Denial of Service (DoS)

[,2.3.3)
  • M
CVE-2002-0654

[2.0,2.0.39]
  • M
Information Exposure

[,2.4.3)
  • H
Use After Free

[,2.3.0)
  • H
Arbitrary Code Execution

[1.3.11,1.3.20]
  • H
Out-of-Bounds

[,1.3.33)
  • M
Cross-site Scripting (XSS)

[,1.3.35)
  • H
Directory Traversal

[,2.4.50)
  • M
Resource Management Errors

[,2.2.18]
  • M
Denial of Service (DoS)

[,1.3.39)
  • C
Use After Free

[2.4.18,2.4.40)
  • M
Denial of Service (DoS)

[2.0,2.0.50]
  • M
CVE-1999-0678

[0,)
  • M
Arbitrary Code Execution

[,1.3]
  • M
Access Restriction Bypass

[,2.2.3]
  • M
Improper Input Validation

[1.3.0,1.3.26)[2.0.0,2.0.46)
  • C
Improper Authentication

[2.2.0,2.3.0)[2.4.0,2.4.30)
  • H
Access Restriction Bypass

[2.4.17,2.4.49)
  • M
Denial of Service (DoS)

[2.0,2.0.50]
  • M
CVE-2000-0505

[1.3.6,1.3.12]
  • M
Access Restriction Bypass

[,2.2.29)[2.4.0,2.4.11)
  • H
Remote Code Execution (RCE)

[,1.3.24)[2.0.0,2.0.34)
  • M
Resource Management Errors

[,2.2.22)
  • M
Improper Input Validation

[,2.2.22)
  • M
Improper Input Validation

[,2.4.13)
  • H
Improper Input Validation

[2.4.0,2.4.30)
  • M
CVE-2002-0249

[,2.0.28]
  • M
Denial of Service (DoS)

[,2.2.14)
  • M
Information Exposure

[1.0,2.0.48]
  • M
Denial of Service (DoS)

[,2.2.16)
  • H
CVE-2001-1449

[,1.3.19)
  • H
Denial of Service (DoS)

[2.4.18,2.4.31)
  • M
Improper Input Validation

[,2.4.8)
  • M
Improper Input Validation

[,2.4.14)
  • M
Cross-site Scripting (XSS)

[,2.2.12)
  • M
CRLF Injection

[,2.2.32)[2.4.0,2.4.25)
  • M
Denial of Service (DoS)

[2.0,2.0.45]
  • H
HTTP Request Smuggling

[2.4.20,2.4.44)
  • H
Cryptographic Issues

[,2.4.25)
  • H
Access Restriction Bypass

[,1.3.30)
  • M
Cross-site Scripting (XSS)

[,2.2.24)[2.4.0,2.4.4)
  • H
NULL Pointer Dereference

[,2.4.48)
  • M
CVE-2007-1743

[,2.2.3]
  • H
Directory Traversal

[2.0,2.0.39]
  • M
Cross-site Scripting (XSS)

[,2.0.64)
  • H
Denial of Service (DoS)

[,2.0.44)
  • H
Out-of-bounds Write

[2.4.0,2.4.47)
  • H
Access Restriction Bypass

[,2.4.2)
  • M
Resource Management Errors

[,2.2.18)
  • M
Information Exposure

[,2.2.9]
  • M
Resource Management Errors

[,2.4.10)
  • C
Buffer Overflow

[2.4.32,2.4.44)
  • H
NULL Pointer Dereference

[,2.4.49)
  • H
Arbitrary Code Execution

[,2.0.52]
  • M
Information Exposure

[,2.2.6]
  • M
Resource Management Errors

[2.0.63,2.2.8]
  • C
Denial of Service (DoS)

[,1.3.2)
  • C
Directory Traversal

[,2.4.51)
  • M
Denial of Service (DoS)

[,2.0.49)
  • M
Cross-site Scripting (XSS)

[,2.2.6)
  • M
Access Restriction Bypass

[2.3.0,2.4.10]
  • H
Out-of-bounds Read

[,2.4.30)
  • M
Improper Input Validation

[,2.4.10)
  • M
Buffer Overflow

[2.0,2.0.50]
  • M
Improper Input Validation

[,2.2.22)
  • L
Cross-site Scripting (XSS)

[,2.0.44]
  • L
Remote Code Execution (RCE)

[1.3.0,1.3.39][2.0.0,2.0.62)[2.2.0,2.2.7)
  • M
Arbitrary Code Execution

[1.3.1,1.3.27]
  • H
Out-of-bounds Read

[2.4.30,2.4.49)
  • M
Denial of Service (DoS)

[,2.2.22)
  • M
Access Restriction Bypass

[,2.2.22)
  • M
CVE-2002-0240

[,2.0.28]
  • M
Resource Management Errors

[,2.2.15)
  • H
Out-of-Bounds

[,1.3.29)
  • H
Race Condition

[,2.2.3]
  • M
Denial of Service (DoS)

[,1.3.24)
  • M
Information Exposure

[,2.2.15)
  • H
Denial of Service (DoS)

[,1.3.27)[2.0.0,2.0.43)
  • H
Access Restriction Bypass

[,1.3.14]
  • M
CVE-2018-11763

[2.4.17,2.4.35)
  • M
Denial of Service (DoS)

[,2.0)
  • C
Server-side Request Forgery (SSRF)

[,2.4.49)
  • H
Denial of Service (DoS)

[,2.0.59)
  • C
Arbitrary Code Execution

[,2.3.7)
  • M
Denial of Service (DoS)

[,2.0.42)
  • M
Directory Traversal

[0.8.11,1.3]
  • M
Resource Management Errors

[,2.2.8-1.fc7)
  • M
Cross-site Scripting (XSS)

[,2.0.43)
  • M
Insertion of Sensitive Information into Log File

[1.3.0,1.3.31)[2.0.0,2.0.49)
  • M
CVE-1999-0070

[,1.3.0)
  • H
NULL Pointer Dereference

[2.4.0,2.4.47)
  • M
CVE-2000-1204

[1.3.9,1.3.12]
  • M
Arbitrary Code Execution

[,1.3.11)
  • H
Out-of-Bounds

[1.3,1.3.27]
  • M
CVE-2000-0869

[,1.3.12]
  • M
Out-of-Bounds

[,2.4.11)
  • M
Denial of Service (DoS)

[,2.0.47)
  • M
Cryptographic Issues

[,2.0.65)[2.2.0,2.2.25)
  • H
Out-of-bounds Write

[2.4.20,2.4.40)
  • M
HTTP Request Smuggling

[2.4.17,2.4.39)
  • M
Denial of Service (DoS)

[0,)
  • M
Cross-site Scripting (XSS)

[,2.2.23)[2.4.0,2.4.3)
  • M
Cross-site Scripting (XSS)

[,1.3.41)[2.2.0,2.2.8)
  • M
Directory Traversal

[,1.3.19)
  • H
Resource Management Errors

[,2.2.20)
  • M
HTTP Request Smuggling

[2.4.6,2.4.47)
  • M
Information Exposure

[2.0,2.0.49]
  • M
Use of Uninitialized Resource

[2.4.0,2.4.42)
  • C
NULL Pointer Dereference

[,2.2.34)[2.4.0,2.4.26)
  • H
Use After Free

[,2.4.27)
  • H
Race Condition

[2.4.0,2.4.39)
  • H
NULL Pointer Dereference

[2.4.41,2.4.47)
  • C
Out-of-bounds Write

[,2.4.49)
  • M
Remote Code Execution (RCE)

[2.0.59,2.2.4]
  • M
Denial of Service (DoS)

[,2.0.47)
  • H
Arbitrary Code Execution

[1.3,2.0.49]
  • M
Cross-site Scripting (XSS)

[,1.3.34)[2.0.0,2.0.55)
  • M
CVE-2003-0017

[,2.0.44)
  • M
Denial of Service (DoS)

[,2.0.50)
  • M
Off-by-one Error

[2.0.35,2.0.55)
  • M
Denial of Service (DoS)

[,2.3.0]
  • H
Improper Input Validation

[,2.4.25)
  • C
Information Exposure

[,2.2.34)[2.4.0,2.4.27)
  • M
Cross-site Scripting (XSS)

[,1.3.39)
  • H
NULL Pointer Dereference

[,2.4.26)
  • M
Information Exposure

[2.0.58,2.2.3]
  • M
Denial of Service (DoS)

[2.0.47,2.0.50]
  • M
Resource Management Errors

[2.0,2.0.55]
  • M
Cross-site Scripting (XSS)

[,1.3.35)
  • M
Resource Management Errors

[,2.4.10)
  • M
Improper Input Validation

[1.3.0,1.3.31)[2.0.0,2.0.49)
  • H
NULL Pointer Dereference

[,2.4.50)
  • M
Denial of Service (DoS)

[2.0,2.0.50]
  • H
CVE-1999-1053

[,1.3.9]
  • H
CVE-2004-1082

[1.3,1.3.29]
  • M
Memory Leak

[2.0.0,2.0.45)
  • M
Improper Input Validation

[,2.2.18)
  • M
Resource Management Errors

[,2.2.22)
  • M
Cross-site Scripting (XSS)

[,2.2.4]
  • M
Access Restriction Bypass

[,2.2.25)
  • H
Use After Free

[2.4.17,2.4.39)
  • M
Resource Management Errors

[,2.2.12)
  • L
Improper Input Validation

[,2.2.22)
  • M
Denial of Service (DoS)

[,2.4.16)
  • M
Use After Free

[2.4.17,2.4.39)
  • M
Denial of Service (DoS)

[2.0.47,2.0.49]
  • M
Cross-site Scripting (XSS)

[,1.3.41)[2.2.0.fc7,2.2.8-1.fc7)
  • M
Open Redirect

[2.4.0,2.4.42)
  • M
Denial of Service (DoS)

[2.0.40,2.0.45]
  • M
CVE-2000-0868

[,1.3.12]
  • M
Information Exposure

[2.2.9,2.3.5]
  • M
Access Restriction Bypass

[2.4.0,2.4.46)
  • C
Open Redirect

[,2.0.49)
  • M
Insufficient Verification of Data Authenticity

[2.4.1,2.4.24)
  • M
Denial of Service (DoS)

[2.0.37,2.0.45]
  • M
Cross-site Scripting (XSS)

[,2.2.24)[2.4.0,2.4.4)
  • H
HTTP Request Smuggling

[2.4.20,2.4.46)
  • H
Improper Access Control

[,2.4.23)
  • M
Denial of Service (DoS)

[,2.2.15)
  • M
Improper Input Validation

[,2.4.8)
  • M
Arbitrary Code Execution

[2.0,2.2.3]
  • H
Access Restriction Bypass

[2.0.35,2.0.52]
  • C
Improper Authentication

[2.2.0,2.2.33)[2.4.0,2.4.26)
  • H
Session Fixation

[2.4.0,2.4.38)
  • H
Improper Access Control

[,2.4.24)
  • M
Denial of Service (DoS)

[,1.3.20)
  • H
Improper Input Validation

[,2.4.24)
  • H
Improper Data Handling

[,2.4.25)
  • M
Symlink Attack

[1.3.14,2.0]
  • M
NULL Pointer Dereference

[,2.4.30)
  • M
Cross-site Scripting (XSS)

[,2.0.63)[2.2.0,2.2.8)
  • M
CVE-2002-1156

[,2.0.42]
  • M
Race Condition

[,2.4.10)
  • H
NULL Pointer Dereference

[,2.4.34)
  • H
CVE-2003-0987

[,2.0)
  • M
Denial of Service (DoS)

[,2.0.44]
  • M
CVE-1999-0289

[0,)
  • M
Denial of Service (DoS)

[,2.0)
  • M
Race Condition

[2.4.0,2.4.39)
  • M
Cross-site Scripting (XSS)

[,2.2.8-1.fc7)
  • M
Cross-site Request Forgery (CSRF)

[,2.2.6]
  • C
Out-of-bounds Write

[2.4.0,2.4.47)
  • M
Denial of Service (DoS)

[,2.4.38)
  • M
Denial of Service (DoS)

[1.3.14,1.3.19]
  • C
Improper Input Validation

[,2.2.34)[2.4.0,2.4.26)
  • M
Information Exposure

[,2.2.4-4.1.fc7)
  • M
Arbitrary Code Execution

[0.8.11,1.3.12]
  • M
Resource Management Errors

[,2.4.10)
  • M
Improper Input Validation

[,2.4.23)
  • C
Out-of-Bounds

[2.2.0,2.2.33)[2.4.0,2.4.26)
  • M
Information Exposure

[2.0,2.0.35]
  • C
Access Restriction Bypass

[2.0,2.1.6]
  • H
Access Restriction Bypass

[0,)
  • M
Session Fixation

[1.3.11,2.0)
  • L
Denial of Service (DoS)

[2.0.63,2.2.13]
  • C
Buffer Overflow

[0,)
  • M
Denial of Service (DoS)

[2.0.39,2.0.40]
  • M
Denial of Service (DoS)

[,2.4.7)
  • M
Cross-site Scripting (XSS)

[1.3.0,1.3.11]
  • M
CVE-2021-30641

[2.4.39,2.4.47)
  • M
Resource Management Errors

[,2.4.20)
  • M
CVE-2018-1283

[2.4.0,2.4.30)
  • M
Denial of Service (DoS)

[,2.0]
  • M
Denial of Service (DoS)

[,2.0.53)
  • M
Out-of-Bounds

[,2.4.30)
  • L
Cross-site Scripting (XSS)

[,2.2.23)[2.4.0,2.4.3)
  • M
Access Restriction Bypass

[,2.4.16)
  • H
Denial of Service (DoS)

[2.4.37,2.4.38)
  • M
Cryptographic Issues

[,2.2.15)