Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Http Server
Total 304 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-3304 4 Apache, Canonical, Fedoraproject and 1 more 6 Http Server, Ubuntu Linux, Fedora and 3 more 2024-02-28 4.7 MEDIUM N/A
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
CVE-2007-6514 2 Apache, Linux 2 Http Server, Linux Kernel 2024-02-28 4.3 MEDIUM N/A
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
CVE-2007-4723 2 Apache, Ragnarok Online Control Panel Project 2 Http Server, Ragnarok Online Control Panel 2024-02-28 7.5 HIGH N/A
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
CVE-2008-0005 3 Apache, Canonical, Fedoraproject 3 Http Server, Ubuntu Linux, Fedora 2024-02-28 4.3 MEDIUM N/A
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
CVE-2005-2088 2 Apache, Debian 2 Http Server, Debian Linux 2024-02-28 4.3 MEDIUM N/A
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVE-2006-3747 3 Apache, Canonical, Debian 3 Http Server, Ubuntu Linux, Debian Linux 2024-02-28 7.6 HIGH N/A
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
CVE-2005-3352 1 Apache 1 Http Server 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
CVE-2005-2728 1 Apache 1 Http Server 2024-02-28 5.0 MEDIUM N/A
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
CVE-2005-2700 3 Apache, Canonical, Debian 3 Http Server, Ubuntu Linux, Debian Linux 2024-02-28 10.0 HIGH N/A
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
CVE-2006-4110 1 Apache 1 Http Server 2024-02-28 4.3 MEDIUM N/A
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
CVE-2005-1268 3 Apache, Debian, Redhat 5 Http Server, Debian Linux, Enterprise Linux Desktop and 2 more 2024-02-28 5.0 MEDIUM N/A
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
CVE-2004-0942 1 Apache 1 Http Server 2024-02-28 5.0 MEDIUM N/A
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
CVE-2005-2970 4 Apache, Canonical, Fedoraproject and 1 more 6 Http Server, Ubuntu Linux, Fedora Core and 3 more 2024-02-28 5.0 MEDIUM N/A
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
CVE-2004-0940 6 Apache, Hp, Openpkg and 3 more 6 Http Server, Hp-ux, Openpkg and 3 more 2024-02-28 6.9 MEDIUM 7.8 HIGH
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
CVE-2006-3918 4 Apache, Canonical, Debian and 1 more 5 Http Server, Ubuntu Linux, Debian Linux and 2 more 2024-02-28 4.3 MEDIUM N/A
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
CVE-2005-1344 1 Apache 1 Http Server 2024-02-28 7.5 HIGH N/A
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
CVE-2005-3357 1 Apache 1 Http Server 2024-02-28 5.4 MEDIUM N/A
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
CVE-2003-1418 1 Apache 1 Http Server 2024-02-28 4.3 MEDIUM N/A
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
CVE-2004-0492 5 Apache, Hp, Ibm and 2 more 7 Http Server, Virtualvault, Vvos and 4 more 2024-02-28 10.0 HIGH N/A
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
CVE-2001-0766 2 Apache, Apple 2 Http Server, Mac Os X 2024-02-28 7.5 HIGH 9.8 CRITICAL
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.