Filtered by vendor Apache
Total: 2279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0045 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. | |||||
CVE-2000-0759 | 1 Apache | 1 Tomcat | 2024-02-28 | 6.4 MEDIUM | N/A |
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path. | |||||
CVE-1999-0071 | 1 Apache | 1 Http Server | 2024-02-28 | 7.5 HIGH | N/A |
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. | |||||
CVE-2002-1148 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. | |||||
CVE-2000-1210 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp. | |||||
CVE-2002-2272 | 1 Apache | 2 Http Server, Tomcat | 2024-02-28 | 7.8 HIGH | N/A |
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. | |||||
CVE-2001-0917 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension. | |||||
CVE-2001-0131 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-02-28 | 3.3 LOW | N/A |
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2003-0542 | 1 Apache | 1 Http Server | 2024-02-28 | 7.2 HIGH | N/A |
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. | |||||
CVE-2000-0505 | 2 Apache, Ibm | 2 Http Server, Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. | |||||
CVE-2002-0936 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | |||||
CVE-1999-0067 | 2 Apache, Ncsa | 2 Http Server, Ncsa Httpd | 2024-02-28 | 10.0 HIGH | N/A |
phf CGI program allows remote command execution through shell metacharacters. | |||||
CVE-2002-1658 | 1 Apache | 1 Http Server | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | |||||
CVE-2001-0925 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | |||||
CVE-2003-0189 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used. | |||||
CVE-1999-0678 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. | |||||
CVE-2001-0730 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. | |||||
CVE-2004-0113 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. | |||||
CVE-2002-0843 | 2 Apache, Oracle | 4 Http Server, Application Server, Database Server and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | |||||
CVE-2000-0760 | 1 Apache | 1 Tomcat | 2024-02-28 | 6.4 MEDIUM | N/A |
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. |