本頁列出影響 ibm http_server 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-9170 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service and a potential remote code execution due to improper input validation. | [email protected] | 9.8 | 0.49% | 2026-05-26 | 2026-06-11 |
| CVE-2026-8856 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration. | [email protected] | 7.7 | 0.20% | 2026-05-26 | 2026-05-26 |
| CVE-2026-8855 | IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication). | [email protected] | 8.1 | 0.46% | 2026-05-26 | 2026-05-26 |
| CVE-2026-8854 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache. | [email protected] | 7.5 | 0.36% | 2026-05-26 | 2026-05-26 |
| CVE-2026-8835 | IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service. | [email protected] | 7.3 | 0.25% | 2026-05-26 | 2026-05-26 |
| CVE-2026-8834 | IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service. | [email protected] | 8.0 | 0.26% | 2026-05-26 | 2026-05-26 |
| CVE-2026-8852 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module. | [email protected] | 6.2 | 0.20% | 2026-05-26 | 2026-05-26 |
| CVE-2026-8850 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload. | [email protected] | 7.5 | 0.38% | 2026-05-26 | 2026-05-26 |
| CVE-2023-32342 | IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828. | [email protected] | 7.5 | 0.92% | 2023-05-30 | 2024-11-21 |
| CVE-2023-26281 | IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. | [email protected] | 5.9 | 1.12% | 2023-03-01 | 2024-11-21 |
| CVE-2015-4947 | Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors. | [email protected] | 9.0 | 7.92% | 2015-09-15 | 2026-05-06 |
| CVE-2012-5955 | Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors. | [email protected] | 10.0 | 4.40% | 2012-12-20 | 2026-04-29 |
| CVE-2011-1360 | Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/. | [email protected] | 4.3 | 1.67% | 2011-10-28 | 2026-04-29 |
| CVE-2010-0425 | modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." | [email protected] | 10.0 | 94.25% | 2010-03-05 | 2025-07-24 |
| CVE-2004-0263 | PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. | [email protected] | 5.0 | 3.48% | 2004-11-23 | 2026-04-16 |
| CVE-2004-0493 | The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. | [email protected] | 6.4 | 84.78% | 2004-08-06 | 2026-04-16 |
| CVE-2004-0492 | Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. | [email protected] | 10.0 | 33.64% | 2004-08-06 | 2026-04-16 |
| CVE-2004-1082 | mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | [email protected] | 7.5 | 7.58% | 2004-02-03 | 2026-04-16 |
| CVE-2002-1822 | IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made for a non-existent Java Server Page (JSP). | [email protected] | 5.0 | 2.10% | 2002-12-31 | 2026-06-16 |
| CVE-2001-0122 | Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error. | [email protected] | 5.0 | 3.32% | 2001-03-13 | 2026-06-16 |