Type Web Server


The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Vendor »

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector »

To approach a vulnerability, it is important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication »

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.


The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are cumulated for this task. Comparing the volume to the number of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (331): 3S-Smart CODESYS Web Server, 24Link Web Server, A1 HTTP Server, Accoria Rock Web Server, ACI 4D Webserver, Acme httpd, ACME Micro Httpd, Acme Mini HTTPd, Acme mini_httpd, Acme thttpd, Acme Labs Mini HTTPd, Acme Labs thttpd, ActiveXperts ActiveWebserver, AIDeX Mini-WebServer, Aldo Vargas Aldos Web Server, Allegro RomPager Embedded Web Server, Amcrest Web Server, AN-HTTPd, AN AN-HTTPd, Apache httpd, Apache HTTP Server, Apache Thrift Node.js Static Web Server, Apache Tomcat, Aprelium Abyss Web Server, Aprelium Technologies Abyss Web Server, Arihiro Kurta Kantan WEB Server, Ashleys Web Server, Ashley Brown iWeb Server, Baby Web Server, Bajie Java HTTP Server, Bbshareware.com Phusion Webserver, Beck IPC IPC@CHIP Embedded-Webserver, Biba Software SeleniumServer Web Server, Biblioscape Biblioweb Server, BlueFace Falcon Web Server, Boa Boa Webserver, Boa Webserver, Boa Webserver, Borland Web Server For Corel Paradox, BugHunter HTTP SERVER, Bughunter HTTP Server, Canary Labs Trend Web Server, Cellinx NVT Web Server, Cesanta MongooseOS, Cesanta Mongoose Embedded Web Server Library, Charles Steinkuehler sh-httpd, Cherokee httpd, Cherokee HTTPD, Cherokee Web Server, Citrix Nfuse Webserver, CODESYS Web Server, Comscripts Web Server Creator, Comscripts Web Server Creator Web Portal, CSM Alibaba Web Server, Cupidsystems CIS WebServer, Cyberstop Web Server, David Yuan Forum Web Server, Debian HTTP Server, Debut Embedded httpd, Debut Embedded http Server, Deep Forest Software Quik-Serv Webserver, Dell OpenManage Web Server, Desiderata Software Blazix Web Server, dhttpd, DiGi Web Server, Doug Neal DNHTTPD, Dune Web Server, Easy File Sharing Web Server, EFS Easy Address Book Web Server, EFS Easy File Sharing Web Server, EFS Web Server, Efssoft Easy File Sharing Web Server, Efs Software Efs Web Server, Eitsop My Web Server, EmbedThis GoAhead Webserver, EMotion MediaPartner Web Server, eMotion MediaPartner Web Server, ER Mapper Image Web Server Ecw Jpeg 2000 
Plug-in, Essen Essentia Web Server, Eterna bozohttpd, Exemys Telemetry Web Server, Falcon Falcon Web Server, Fastream FUR HTTP Server, Fastream NETFile FTP, Fastream Netfile Ftp Web Server, FaSTream Netfile Ftp Web Server, Fastream Web Server, fhttpd, Fizmez Web Server, Free Java Web Server, Funsoft Dinos Webserver, Gamecheats Advanced Web Server Professional, GazTek ghttpd, GCDWebServer, Glimpse Web Server, GNOME Dwarf HTTP Server, GNU libmicrohttpd, GoAhead Webserver, GoAhead WebServer, Goahead Webserver, Goahead Web Server, Goahead Software Webserver, Grigoriadis Mini Web server, groonga-httpd, Guido Frassetto SEDUM HTTP Server, Gummy Bear FTP Drive + HTTP Server, Gweb HTTP Server, Hasbani Web Server, Hitachi Web Server, Honeywell Notifier Web Server, HP Embedded Web Server, HP HTTP Server, HP Secure Web Server For Tru64, httpdx HTTP Server, Http explorer Http Explorer Web Server, HTTP Server, Hughes Technologies LibHTTPD, IBM HTTP Server, Icecast Web Server, Imatix Xitami Web Server, IniNet embeddedWebServer, IniNet Webserver, Inso dwhttpd, Intel Rapid Web Server, InterVations Navicopa Web Server, InterVations NaviCOPA Web Server, Iplanet iPlanet Web Server, Iplanet Web Server, iPlanet Web Server, Jan Kneschke lighttpd, Javascript Xerver HTTP Server, JavaWebServer, Jeremy Arnold Worm Webserver, Jetty httpd, Jetty HTTP Server, Jetty Http Server, Jeuce Jeuce Personal Web Server, Jim Rees palmhttpd, Jo Webserver, KarjaSoft HTTP Server, Karjasoft Sami HTTP Server, Kerio WebServer, keycloak-httpd-client-install, Key Focus KF Web Server, Kurinton sHTTPd, LightTPD, Lighttpd, lighttpd, Light HTTPd, Litespeedtech LiteSpeed Web Server, Litespeed Technologies LiteSpeed Web Server, Lonerunner Zeroo HTTP Server, Lysias Lidik Webserver, Max Feoktistov Small HTTP Server, Mbedthis AppWeb HTTP Server, McAfee myCIO HTTP Server, MCPWS Personal Webserver, MDG 4D Webserver, MDG Web Server 4d, Mephistoles httpd, Michael Lamont Savant WebServer, Michael Lamont Savant Webserver, 
Michael Lamont Savant Web Server, Micheal Lamont Savant Webserver, Microsoft Frontpage, Microsoft IIS, Microsoft iis, Microsoft Internet Information Server, Microsoft Personal Web Server, Minihttpserver.net Forum Web Server, Minishare Minimal HTTP Server, MiniWeb HTTP Server, MiniWeb Http Server, MiniWeb HTTP Server, mini_httpd, Moby Netsuite Web Server, Mongoose Web Server, Monit Web Server, Monkey HTTP Daemon, Monoxide0184 Oxide WebServer, Munica Web Server, MyWebServer, Nakata An Httpd, NanoHTTPD, NCSA httpd, NCSA Webserver, nessus Web Server plugin, Netcruiser Web Server, Netdave Webster Http Server, Netscape Enterprise Server, Netscape Enterprise Web Server, Netscape iPlanet Web Server, NetServe Web Server, NetworkActiv NetworkActiv Web Server, NetworkActiv Web Server, Newmad Technologies PicoWebServer, nginx, Nginx Controller, Nginx Unit, Nickolas Grigoriadis Mini Web server, Nombas ScriptEase Webserver, Nombas Scriptease Webserver, Northern Xeneo Web Server, Northern Solutions Xeneo Web Server, Norz zawhttpd, Nostromo nhttpd, Notifier Web Server, Novell Web Server, Nulllogic Null HTTP Server, Ohio State University Osu Httpd, OkCupid OK Web Server, Omnicron OmniHTTPD, Opentext HTTP Daemon, Oracle Administration Web Server, Oracle HTTP Server, Oracle iPlanet Web Server, Oracle One-Hour Install Web Server, Oracle Oracle9iAS Web Server, Oracle Oracle iPlanet Web Server, Oracle Webserver, Oracle Web Server, Orange Web Server, Orenosv HTTP Server, Oxide WebServer, Pablo Quick 'n Easy Web Server, Pablo Software Solutions Baby ASP Web Server, Pegasi Web Server, Perl-HTTPd, Peter Sandvik Simple Web Server, Pi3Web Web Server, Plain Old Webserver, Plug And Play Web Server, Plug And Play Web Server Proxy, PMSoftware Simple Web Server, PWebServer Web Server, pWins Webserver, Quick 'n Easy Web Server, Radiobird Web Server 4 Everyone, Radiobird Software Webserver 4 All, Radiobird Software Webserver 4 Everyone, RaidenHTTPD, raidenhttpd, Raiden Professional Servers 
raidenhttpd, Real Time Logic Barracudadrive Web Server Home Server, Red Hat JBoss Web Server, Red Hat TUX HTTP Server, Reptile Web Server, Roxen Challenger Webserver, Roxen Webserver, Roxen Web Server, Salvo Tomaselli Weborf HTTP Server, Sambar Web Server, Sami HTTP Server, Savant Savant Webserver, Savant Webserver, savant web server, Savant Web Server, SCADA Webserver, Sergey Lyubka HTTPD, Sergey Lyubka Simple HTTPD, Sharing-file Easy File Sharing Web Server, shttpd, Siemens Synco OZW Web Server, Silver-forge Neptune Web Server, SiteScope Administration Web Server, SiteScope Management Web Server, Small HTTP Server, Snowblind Web Server, Soft3304 04webserver, Soft3304 04WebServer, Software602 Web Server, Solido Systems Ravenous Web Server, SourceForge Monkey httpd, Spencer Christensen Perl Web Server, Sphinx-soft Mobile Web Server, SpiderControl SCADA Web Server, Static HTTP Server, sthttpd, strong-nginx-controller, Summit Computer Networks Lil HTTP Server, Sun Cobalt Administration Web Server, Sun Cobalt HTTP Server, Sun iPlanet Web Server, Sun Java System Web Server, Sun Java System Web Server Plugin, Sun ONE, Sun ONE web server, Sun ONE Web Server, Sun One Web Server, Surfboard httpd, SWS Simple Web Server, SWS Sws Simple Web Server, T. 
Hauck Jana Web Server, Telcondex SimpleWebServer, Telcondex Simplewebserver, thttpd, thttpd HTTP Server, Timo Gaik Webby Webserver, TinyHTTPD, TinyWeb Web Server, Treck HTTP Server, Twilight Webserver, Twilight Utilities Web Server, ULTRAPOP i-HTTPD, Undertow HTTP Server, Undertow Web Server, Vector Ultra Mini HTTPD, VeryNginx, Vizer Web Server, vWebServer, W3C CERN httpd, WASD HTTP Server, WebLog Expert Web Server Enterprise, Web Server, West Street LocalWEB HTTP Server, West Wind Web Server, Wserve HTTP Server, Xeneo Web Server, Xerver Web Server, XiongMai uc-httpd, Xitami HTTP Server, Xitami Web Server, Yann Ramin ATPhttpd, Yaws Webserver, Yaws Web Server, ZEROF Web Server, Zeroo HTTP Server, Zeus Webserver, Zeus Web Server, Zeus Zeus Web Server, Zeus Technologies Zeus Web Server

| Date | Base | Temp | Vulnerability | Product | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 04/13/2021 | 8.0 | 8.0 | ZEROF Web Server Login Page HandleEvent sql injection | Web Server | Not Defined | Not Defined | 0.06 | CVE-2021-30175 |
| 04/09/2021 | 5.3 | 5.2 | Aprelium Abyss Web Server HTTP Request out-of-bounds read | Abyss Web Server | Not Defined | Workaround | 0.05 | CVE-2021-3328 |
| 03/26/2021 | 8.0 | 7.7 | GNU libmicrohttpd post_process_urlencoded buffer overflow | libmicrohttpd | Not Defined | Official Fix | 0.04 | CVE-2021-3466 |
| 02/23/2021 | 4.8 | 4.8 | NanoHTTPD HTTP GET RouterNanoHTTPD.java GeneralHandler cross site scripting | NanoHTTPD | Not Defined | Not Defined | 0.00 | CVE-2020-13697 |
| 02/08/2021 | 6.4 | 6.4 | sthttpd HTTP GET Request de_dotdot denial of service | sthttpd | Not Defined | Not Defined | 0.05 | CVE-2021-26843 |
| 12/23/2020 | 7.3 | 7.0 | Treck HTTP Server heap-based overflow | HTTP Server | Not Defined | Official Fix | 0.06 | CVE-2020-25066 |
| 12/22/2020 | 5.3 | 5.0 | MiniWeb HTTP Server POST Request denial of service | HTTP Server | Proof-of-Concept | Not Defined | 0.00 | CVE-2020-29596 |
| 11/06/2020 | 8.5 | 8.5 | Cellinx NVT Web Server SetFileContent.cgi improper authentication | NVT Web Server | Not Defined | Not Defined | 0.05 | CVE-2020-28250 |
| 10/20/2020 | 7.2 | 6.9 | Oracle HTTP Server null pointer dereference | HTTP Server | Not Defined | Official Fix | 0.05 | CVE-2019-10097 |
| 10/20/2020 | 7.5 | 7.2 | Oracle HTTP Server SSL Module denial of service | HTTP Server | Not Defined | Official Fix | 0.04 | CVE-2020-1967 |
| 10/20/2020 | 9.8 | 9.4 | Oracle HTTP Server Web Listener buffer overflow | HTTP Server | Not Defined | Official Fix | 0.06 | CVE-2019-5482 |
| 09/09/2020 | 8.5 | 8.5 | Yaws Web Server CGI os command injection | Web Server | Not Defined | Not Defined | 0.04 | CVE-2020-24916 |
| 09/09/2020 | 8.5 | 8.5 | Yaws Web Server WebDAV xml external entity reference | Web Server | Not Defined | Not Defined | 0.02 | CVE-2020-24379 |
| 08/07/2020 | 6.4 | 6.4 | Apache HTTP Server HTTP2 Request request smuggling | HTTP Server | Not Defined | Not Defined | 0.07 | CVE-2020-9490 |
| 08/07/2020 | 7.5 | 7.3 | Apache HTTP Server mod_http2 request smuggling | HTTP Server | Not Defined | Workaround | 0.18 | CVE-2020-11993 |
| 08/07/2020 | 6.3 | 6.3 | Apache HTTP Server mod_remoteip/mod_rewrite IP Address insufficient verification of data authenticity | HTTP Server | Not Defined | Not Defined | 0.06 | CVE-2020-11985 |
| 08/07/2020 | 8.5 | 8.5 | Apache HTTP Server mod_proxy_uwsgi buffer overflow | HTTP Server | Not Defined | Not Defined | 0.81 | CVE-2020-11984 |
| 07/02/2020 | 5.5 | 5.3 | Nginx Controller Kubernetes Package Download HTTP missing encryption | Controller | Not Defined | Official Fix | 0.03 | CVE-2020-5911 |
| 07/02/2020 | 7.4 | 7.1 | Nginx Controller NATS Messaging System improper authentication | Controller | Not Defined | Official Fix | 0.07 | CVE-2020-5910 |
| 07/02/2020 | 5.9 | 5.6 | Nginx Controller User Interface certificate validation | Controller | Not Defined | Official Fix | 0.05 | CVE-2020-5909 |
| 07/01/2020 | 6.9 | 6.9 | Nginx Controller API Endpoint Reflected cross site scripting | Controller | Not Defined | Not Defined | 0.06 | CVE-2020-5901 |
| 07/01/2020 | 6.5 | 6.5 | Nginx Controller User Interface cross-site request forgery | Controller | Not Defined | Not Defined | 0.00 | CVE-2020-5900 |
| 07/01/2020 | 6.5 | 6.5 | Nginx Controller password recovery | Controller | Not Defined | Not Defined | 0.00 | CVE-2020-5899 |
| 05/14/2020 | 6.9 | 6.9 | nginx request smuggling | nginx | Not Defined | Not Defined | 3.04 | CVE-2020-12440 |
| 05/10/2020 | 6.4 | 6.4 | Oracle iPlanet Web Server Administration Console inadequate encryption | iPlanet Web Server | Not Defined | Not Defined | 0.05 | CVE-2020-9315 |
| 05/10/2020 | 5.4 | 5.4 | Oracle iPlanet Web Server Administration Console injection | iPlanet Web Server | Not Defined | Not Defined | 0.04 | CVE-2020-9314 |
| 05/07/2020 | 6.5 | 6.5 | Nginx Controller AVRD null termination | Controller | Not Defined | Not Defined | 0.05 | CVE-2020-5895 |
| 05/07/2020 | 6.8 | 6.8 | Nginx Controller Web Server Logout session fixiation | Controller | Not Defined | Not Defined | 0.04 | CVE-2020-5894 |
| 04/23/2020 | 6.8 | 6.5 | Nginx Controller Agent Installer Script install.sh input validation | Controller | Not Defined | Official Fix | 0.04 | CVE-2020-5867 |
| 04/23/2020 | 5.4 | 5.2 | Nginx Controller helper.sh information disclosure | Controller | Not Defined | Official Fix | 0.06 | CVE-2020-5866 |
| 04/23/2020 | 4.2 | 4.1 | Nginx Controller Postgres Database Server information disclosure | Controller | Not Defined | Official Fix | 0.05 | CVE-2020-5865 |
| 04/23/2020 | 5.5 | 5.3 | Nginx Controller TLS certificate validation | Controller | Not Defined | Official Fix | 0.05 | CVE-2020-5864 |
| 04/15/2020 | 6.5 | 6.2 | Oracle HTTP Server Web Listener unknown vulnerability | HTTP Server | Not Defined | Official Fix | 0.05 | CVE-2020-2952 |
| 04/15/2020 | 8.8 | 8.4 | Oracle HTTP Server Web Listener out-of-bounds write | HTTP Server | Not Defined | Official Fix | 0.02 | CVE-2017-5130 |
| 04/07/2020 | 8.5 | 8.2 | Honeywell Notifier Web Server path traversal | Notifier Web Server | Not Defined | Official Fix | 0.05 | CVE-2020-6974 |
| 04/02/2020 | 8.5 | 8.5 | strong-nginx-controller _nginxCmd injection | strong-nginx-controller | Not Defined | Not Defined | 0.07 | CVE-2020-7621 |
| 04/02/2020 | 6.7 | 6.7 | Apache HTTP Server mod_rewrite redirect | HTTP Server | Not Defined | Not Defined | 1.00 | CVE-2020-1927 |
| 04/01/2020 | 8.0 | 8.0 | Apache HTTP Server mod_proxy_ftp uninitialized resource | HTTP Server | Not Defined | Not Defined | 0.00 | CVE-2020-1934 |
| 03/27/2020 | 7.9 | 7.6 | Nginx Controller Controller API authorization | Controller | Not Defined | Official Fix | 0.01 | CVE-2020-5863 |
| 03/24/2020 | 8.2 | 8.2 | Notifier Web Server authentication replay | Notifier Web Server | Not Defined | Not Defined | 0.05 | CVE-2020-6972 |
| 03/10/2020 | 7.4 | 7.1 | Microsoft IIS input validation | IIS | Not Defined | Official Fix | 0.13 | CVE-2020-0645 |
| 02/28/2020 | 7.4 | 6.7 | Pablo Quick 'n Easy Web Server HTTP Service quickweb.exe double free | Quick 'n Easy Web Server | Proof-of-Concept | Not Defined | 0.09 | CVE-2019-19943 |
| 01/23/2020 | 6.4 | 6.1 | Undertow HTTP Server HTTPS resource consumption | HTTP Server | Not Defined | Official Fix | 0.01 | CVE-2019-14888 |
| 01/18/2020 | 6.3 | 6.3 | Amcrest Web Server improper authentication | Web Server | Not Defined | Not Defined | 0.01 | CVE-2020-7222 |
| 01/15/2020 | 5.3 | 5.1 | Oracle HTTP Server OSSL Module denial of service | HTTP Server | Not Defined | Official Fix | 0.05 | CVE-2020-2545 |
| 01/15/2020 | 6.1 | 5.8 | Oracle HTTP Server Web Listener unknown vulnerability | HTTP Server | Not Defined | Official Fix | 0.05 | CVE-2020-2530 |
| 01/09/2020 | 6.3 | 6.1 | nginx Error Page request smuggling | nginx | Not Defined | Official Fix | 0.41 | CVE-2019-20372 |
| 12/28/2019 | 8.5 | 8.5 | thttpd Underflow out-of-bounds write | thttpd | Not Defined | Not Defined | 0.05 | CVE-2007-0158 |
| 12/27/2019 | 7.5 | 7.5 | Static HTTP Server http.ini buffer overflow | Static HTTP Server | Not Defined | Not Defined | 0.00 | CVE-2013-4743 |
| 12/10/2019 | 6.2 | 5.9 | Monkey HTTP Daemon exposure of resource | HTTP Daemon | Not Defined | Official Fix | 0.08 | CVE-2013-2183 |
