Apache » Http Server : Security Vulnerabilities, CVEs, Published In 2015 CVSS score >= 5
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
Max CVSS
5.0
EPSS Score
7.18%
Published
2015-07-20
Updated
2023-12-14
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.
Max CVSS
5.0
EPSS Score
1.73%
Published
2015-07-20
Updated
2021-06-06
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
Max CVSS
5.0
EPSS Score
4.04%
Published
2015-03-08
Updated
2021-06-06
3 vulnerabilities found