A Web Server is a computer system that host information and provides it to users who accesses through HTTP using web browser. Web Service is most used service on Internet and hence is the most targeted by attacker.
The following the various attacks performed on Web Server:
Directory Transversal Attack is where the attacker exploits poorly configured web server to transverse to restricted directories and access un-authorized data. Attackers use dot-dot-slash (../) to access restricted directories.
Website defacement is where the attacker makes unauthorized changes to the content of a web page and changes the appearance of the website.
DoS/DDoS Attack is where the attacker performs Application Layer DoS/DDoS attack by sending multiple requests to exhaust the resources of the web server leading to denial of the web service.
HTTP Response Splitting Attack is where the attacker exploits the vulnerability of web server of not properly doing input validation of http headers and payloads coming from clients. The attacker splits the response to web server inserts code lines into response header. The web server combines the response into single request which becomes malicious.
Web Cache Poisoning is where the attacker poisons the web cache with malicious content. Caches are intermediate temporary storage which stores repeated accessed web content. The attacker sends a http request, so that the web server responds with the poisoned response which has malicious content. The cache stores this malicious content. Whenever other clients try to access the same http content, the cache provides the malicious content.