Total
304 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2029 | 1 Apache | 1 Http Server | 2024-02-28 | 7.5 HIGH | N/A |
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string. | |||||
CVE-2004-0174 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket." | |||||
CVE-2004-1834 | 1 Apache | 1 Http Server | 2024-02-28 | 2.1 LOW | N/A |
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. | |||||
CVE-2002-1850 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script. | |||||
CVE-2002-1593 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module. | |||||
CVE-2002-2012 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request. | |||||
CVE-2002-0654 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. | |||||
CVE-1999-1293 | 1 Apache | 1 Http Server | 2024-02-28 | 10.0 HIGH | N/A |
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core. | |||||
CVE-2003-0192 | 1 Apache | 1 Http Server | 2024-02-28 | 6.4 MEDIUM | N/A |
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. | |||||
CVE-2003-0016 | 1 Apache | 1 Http Server | 2024-02-28 | 7.5 HIGH | N/A |
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names. | |||||
CVE-1999-1412 | 2 Apache, Apple | 2 Http Server, Macos | 2024-02-28 | 5.0 MEDIUM | N/A |
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | |||||
CVE-2004-1387 | 1 Apache | 1 Http Server | 2024-02-28 | 2.1 LOW | N/A |
The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | |||||
CVE-2004-0173 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. | |||||
CVE-2004-0811 | 1 Apache | 1 Http Server | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. | |||||
CVE-1999-0289 | 2 Apache, Microsoft | 2 Http Server, Windows | 2024-02-28 | 5.0 MEDIUM | N/A |
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | |||||
CVE-2000-0869 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. | |||||
CVE-2004-0747 | 1 Apache | 1 Http Server | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables. | |||||
CVE-2001-1072 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. | |||||
CVE-2003-0132 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed. | |||||
CVE-2004-0748 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop. |