Total
304 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0249 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. | |||||
CVE-2004-0263 | 2 Apache, Ibm | 2 Http Server, Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. | |||||
CVE-1999-0071 | 1 Apache | 1 Http Server | 2024-02-28 | 7.5 HIGH | N/A |
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. | |||||
CVE-2002-2272 | 1 Apache | 2 Http Server, Tomcat | 2024-02-28 | 7.8 HIGH | N/A |
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. | |||||
CVE-2001-0131 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-02-28 | 3.3 LOW | N/A |
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2003-0542 | 1 Apache | 1 Http Server | 2024-02-28 | 7.2 HIGH | N/A |
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. | |||||
CVE-2000-0505 | 2 Apache, Ibm | 2 Http Server, Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. | |||||
CVE-1999-0067 | 2 Apache, Ncsa | 2 Http Server, Ncsa Httpd | 2024-02-28 | 10.0 HIGH | N/A |
phf CGI program allows remote command execution through shell metacharacters. | |||||
CVE-2002-1658 | 1 Apache | 1 Http Server | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | |||||
CVE-2001-0925 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | |||||
CVE-2003-0189 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used. | |||||
CVE-1999-0678 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. | |||||
CVE-2001-0730 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. | |||||
CVE-2004-0113 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. | |||||
CVE-2002-0843 | 2 Apache, Oracle | 4 Http Server, Application Server, Database Server and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | |||||
CVE-2004-0493 | 5 Apache, Avaya, Gentoo and 2 more | 8 Http Server, Converged Communications Server, S8300 and 5 more | 2024-02-28 | 6.4 MEDIUM | N/A |
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. | |||||
CVE-2002-0661 | 1 Apache | 1 Http Server | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters. | |||||
CVE-2001-1449 | 2 Apache, Mandrakesoft | 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | |||||
CVE-2001-0042 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences. | |||||
CVE-2004-0809 | 8 Apache, Debian, Gentoo and 5 more | 12 Http Server, Debian Linux, Linux and 9 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. |