Stay safe, and keep your servers updated!
Version 2.4 has ongoing security support. Major Linux distributions offer upgrade paths. Example on CentOS 6 (deprecated) or Ubuntu: apache httpd 2.2.22 exploit
An attacker can pass arguments like -d+allow_url_include%3don+-d+auto_prepend_file%3dphp://input . Stay safe, and keep your servers updated
If you are still running Apache HTTP Server version 2.2.22 , your server is at significant risk. Released in 2012, this version has multiple known, publicly available exploits that can lead to denial of service, information disclosure, or even remote code execution (RCE). Example on CentOS 6 (deprecated) or Ubuntu: An
Web Software (Apache 2.2. 22) This version was released on Jul 2015. It is an outdated version and expected vulnerable to certain ... Medium Apache 2.2.22 Exploit and Vulnerabilities | Fortra 22 , a Medium Risk Vulnerability. With Notes on Remediation, Penetration Testing, Disclosures, Patching and Exploits. Vulnerabilit... Fortra Meowmycks/OSCPprep-SickOs1.1: Performed an RCE by ... This could allow the user agent to render the content of the site in a different fashion to the MIME type + Server may leak inodes... GitHub Apache HTTP Server 2.2 vulnerabilities These defects represent a security concern when httpd is participating in any chain of proxies or interacting with back-end applic... Apache HTTP Server Apache HTTP Server 2.4 vulnerabilities The initial GA release, Apache httpd 2.4. 1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2. ... Apache HTTP Server Vulnerability Details : CVE-2012-3499 Feb 26, 2013 —
curl -X POST \ http://target-server.com \ -H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \ -d '----------------------------boundary'