Filtered by vendor Apache
Subscribe
Total
2279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0192 | 1 Apache | 1 Http Server | 2024-02-28 | 6.4 MEDIUM | N/A |
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. | |||||
CVE-2003-0016 | 1 Apache | 1 Http Server | 2024-02-28 | 7.5 HIGH | N/A |
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names. | |||||
CVE-1999-1412 | 2 Apache, Apple | 2 Http Server, Macos | 2024-02-28 | 5.0 MEDIUM | N/A |
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | |||||
CVE-2004-1387 | 1 Apache | 1 Http Server | 2024-02-28 | 2.1 LOW | N/A |
The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | |||||
CVE-2004-0173 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. | |||||
CVE-2004-0811 | 1 Apache | 1 Http Server | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. | |||||
CVE-1999-0289 | 2 Apache, Microsoft | 2 Http Server, Windows | 2024-02-28 | 5.0 MEDIUM | N/A |
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | |||||
CVE-2000-0869 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. | |||||
CVE-2004-0747 | 1 Apache | 1 Http Server | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables. | |||||
CVE-2003-0044 | 1 Apache | 1 Tomcat | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. | |||||
CVE-2001-1072 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. | |||||
CVE-2003-0132 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed. | |||||
CVE-2004-0748 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop. | |||||
CVE-2003-0254 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket. | |||||
CVE-2004-0488 | 3 Apache, Debian, Redhat | 4 Http Server, Debian Linux, Enterprise Linux Server and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. | |||||
CVE-1999-0107 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. | |||||
CVE-2003-0253 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service. | |||||
CVE-2003-0017 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served. | |||||
CVE-2003-0987 | 1 Apache | 1 Http Server | 2024-02-28 | 7.5 HIGH | N/A |
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. | |||||
CVE-2004-0786 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool. |