Http Server

http_server

Vendor: Oracle • 105 CVEs

CVEs (105)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-34291 1Oracle 1Http Server Apr 23, 2026 Apr 21, 2026 N/A· v4 8.7 HIGH· v3 N/A· v2 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticat...Show more Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. While the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 8.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N).Show less
CVE-2026-21962 1Oracle 2Http Server Weblogic Server Proxy Plug In Feb 3, 2026 Jan 20, 2026 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS)....Show more Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. While the vulnerability is in Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data. Note: Affected version for Weblogic Server Proxy Plug-in for IIS is 12.2.1.4.0 only. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).Show less
CVE-2025-21498 1Oracle 1Http Server Apr 10, 2025 Jan 21, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with...Show more Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).Show less
CVE-2024-20991 1Oracle 1Http Server Apr 10, 2025 Apr 16, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attac...Show more Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).Show less
CVE-2023-22019 1Oracle 1Http Server Nov 21, 2024 Oct 17, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attac...Show more Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).Show less
CVE-2022-21593 1Oracle 1Http Server Nov 21, 2024 Oct 18, 2022 N/A· v4 7.1 HIGH· v3 N/A· v2 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unau...Show more Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data as well as unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).Show less
CVE-2020-35169 2Dell Oracle 6Bsafe Crypto C Micro Edition Bsafe Micro Edition SuiteDatabase+3 more Nov 21, 2024 Jul 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.
CVE-2020-35168 2Dell Oracle 6Bsafe Crypto C Micro Edition Bsafe Micro Edition SuiteDatabase+3 more Nov 21, 2024 Jul 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
CVE-2020-35167 2Dell Oracle 6Bsafe Crypto C Micro Edition Bsafe Micro Edition SuiteDatabase+3 more Nov 21, 2024 Jul 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
CVE-2020-35166 2Dell Oracle 6Bsafe Crypto C Micro Edition Bsafe Micro Edition SuiteDatabase+3 more Nov 21, 2024 Jul 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
CVE-2020-35164 2Dell Oracle 6Bsafe Crypto C Micro Edition Bsafe Micro Edition SuiteDatabase+3 more Nov 21, 2024 Jul 11, 2022 N/A· v4 8.1 HIGH· v3 7.5 HIGH· v2 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
CVE-2020-35163 2Dell Oracle 6Bsafe Crypto C Micro Edition Bsafe Micro Edition SuiteDatabase+3 more Nov 21, 2024 Jul 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.
CVE-2020-29508 2Dell Oracle 6Bsafe Crypto C Micro Edition Bsafe Micro Edition SuiteDatabase+3 more Nov 21, 2024 Jul 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.
CVE-2020-29507 2Dell Oracle 6Bsafe Crypto C Micro Edition Bsafe Micro Edition SuiteDatabase+3 more Nov 21, 2024 Jul 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.
CVE-2020-29506 2Dell Oracle 6Bsafe Crypto C Micro Edition Bsafe Micro Edition SuiteDatabase+3 more Nov 21, 2024 Jul 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.
CVE-2020-26185 2Dell Oracle 5Bsafe Micro Edition Suite DatabaseHttp Server+2 more Nov 21, 2024 Jun 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.
CVE-2020-26184 2Dell Oracle 4Bsafe Micro Edition Suite Http ServerSecurity Service+1 more Nov 21, 2024 Jun 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.
CVE-2022-23943 4Apache DebianFedoraproject+1 more 5Debian Linux FedoraHttp Server+2 more May 1, 2025 Mar 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior vers...Show more Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.Show less
CVE-2022-22721 5Apache AppleDebian+2 more 8Debian Linux Enterprise Manager Ops CenterFedora+5 more Nov 21, 2024 Mar 14, 2022 N/A· v4 9.1 CRITICAL· v3 5.8 MEDIUM· v2 If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52...Show more If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.Show less
CVE-2022-22720 5Apache AppleDebian+2 more 8Debian Linux Enterprise Manager Ops CenterFedora+5 more Nov 21, 2024 Mar 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

12 3 4 5 6 Next