Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-4000 | 4.3 |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie
|
22-10-2024 - 13:42 | 21-05-2015 - 00:59 | |
CVE-2015-3183 | 5.0 |
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large c
|
14-12-2023 - 14:06 | 20-07-2015 - 23:59 | |
CVE-2014-0231 | 5.0 |
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
|
31-10-2023 - 16:05 | 20-07-2014 - 11:12 | |
CVE-2015-2808 | 5.0 |
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial
|
07-09-2023 - 17:15 | 01-04-2015 - 02:00 | |
CVE-2014-0118 | 4.3 |
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted req
|
14-09-2022 - 18:31 | 20-07-2014 - 11:12 | |
CVE-2014-0226 | 6.8 |
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a cr
|
14-09-2022 - 18:30 | 20-07-2014 - 11:12 | |
CVE-2013-5704 | 5.0 |
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a s
|
14-04-2022 - 16:47 | 15-04-2014 - 10:55 |