CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49812 – Apache HTTP Server: mod_ssl TLS upgrade attack
https://notcve.org/view.php?id=CVE-2025-49812
10 Jul 2025 — In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade. An HTTP session hijacking flaw was found in Apache httpd. In some mod_ssl configurations on Apache HTTP Server, an HTTP desynchronization atta... • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 5%CPEs: 1EXPL: 1CVE-2023-38709 – Apache HTTP Server: HTTP response splitting
https://notcve.org/view.php?id=CVE-2023-38709
04 Apr 2024 — Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. La validación de entrada defectuosa en el núcleo de Apache permite que generadores de contenido/backend maliciosos o explotables dividan las respuestas HTTP. Este problema afecta al servidor HTTP Apache: hasta 2.4.58. A flaw was found in httpd. • https://github.com/mrmtwoj/apache-vulnerability-testing • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-6675
https://notcve.org/view.php?id=CVE-2006-6675
21 Dec 2006 — Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app. Vulnerabilidad de XSS en Novell NetWare 6.5 Support Pack 5 y 6 y Novell Apache en NetWare 2.0.48 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados en la aplicación web Welcome. • http://secunia.com/advisories/23406 •