Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Total 2295 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-1268 3 Apache, Debian, Redhat 5 Http Server, Debian Linux, Enterprise Linux Desktop and 2 more 2024-02-28 5.0 MEDIUM N/A
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
CVE-2005-0108 1 Apache 1 Mod Auth Radius 2024-02-28 5.0 MEDIUM N/A
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
CVE-2006-2447 1 Apache 1 Spamassassin 2024-02-28 5.1 MEDIUM N/A
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
CVE-2004-0942 1 Apache 1 Http Server 2024-02-28 5.0 MEDIUM N/A
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
CVE-2005-2970 4 Apache, Canonical, Fedoraproject and 1 more 6 Http Server, Ubuntu Linux, Fedora Core and 3 more 2024-02-28 5.0 MEDIUM N/A
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
CVE-2004-0940 6 Apache, Hp, Openpkg and 3 more 6 Http Server, Hp-ux, Openpkg and 3 more 2024-02-28 6.9 MEDIUM 7.8 HIGH
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
CVE-2006-1095 1 Apache 1 Mod Python 2024-02-28 7.2 HIGH N/A
Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
CVE-2006-1546 1 Apache 1 Struts 2024-02-28 7.5 HIGH N/A
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
CVE-2005-4838 1 Apache 1 Tomcat 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
CVE-2006-0743 1 Apache 1 Log4net 2024-02-28 5.0 MEDIUM N/A
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
CVE-2006-3835 1 Apache 1 Tomcat 2024-02-28 5.0 MEDIUM N/A
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
CVE-2006-3918 4 Apache, Canonical, Debian and 1 more 5 Http Server, Ubuntu Linux, Debian Linux and 2 more 2024-02-28 4.3 MEDIUM N/A
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
CVE-2005-1344 1 Apache 1 Http Server 2024-02-28 7.5 HIGH N/A
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
CVE-2005-3357 1 Apache 1 Http Server 2024-02-28 5.4 MEDIUM N/A
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
CVE-2005-0508 1 Apache 1 Batik 2024-02-28 4.6 MEDIUM N/A
Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."
CVE-2005-0808 1 Apache 1 Tomcat 2024-02-28 5.0 MEDIUM N/A
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
CVE-2005-4849 1 Apache 1 Derby 2024-02-28 5.0 MEDIUM N/A
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
CVE-2003-1418 1 Apache 1 Http Server 2024-02-28 4.3 MEDIUM N/A
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
CVE-2003-1172 1 Apache 1 Cocoon 2024-02-28 5.0 MEDIUM N/A
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2004-0492 5 Apache, Hp, Ibm and 2 more 7 Http Server, Virtualvault, Vvos and 4 more 2024-02-28 10.0 HIGH N/A
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.