Filtered by vendor Apache
Subscribe
Total
655 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-1206 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files. | |||||
CVE-2003-0083 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. | |||||
CVE-2003-0042 | 1 Apache | 1 Tomcat | 2023-12-10 | 5.0 MEDIUM | N/A |
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. | |||||
CVE-2004-0263 | 2 Apache, Ibm | 2 Http Server, Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. | |||||
CVE-2003-0020 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. | |||||
CVE-1999-1237 | 1 Apache | 1 Http Server | 2023-12-10 | 10.0 HIGH | N/A |
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods. | |||||
CVE-2002-2008 | 1 Apache | 1 Tomcat | 2023-12-10 | 5.0 MEDIUM | N/A |
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message. | |||||
CVE-2002-0185 | 1 Apache | 1 Mod Python | 2023-12-10 | 7.5 HIGH | N/A |
mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module. | |||||
CVE-2002-1593 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module. | |||||
CVE-2003-0973 | 1 Apache | 1 Mod Python | 2023-12-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string. | |||||
CVE-2003-0245 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors. | |||||
CVE-2002-1148 | 1 Apache | 1 Tomcat | 2023-12-10 | 5.0 MEDIUM | N/A |
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. | |||||
CVE-2001-1563 | 2 Apache, Hp | 2 Tomcat, Secure Os | 2023-12-10 | 7.5 HIGH | N/A |
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers. | |||||
CVE-2000-0505 | 2 Apache, Ibm | 2 Http Server, Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. | |||||
CVE-1999-0678 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. | |||||
CVE-2004-0179 | 3 Apache, Debian, Webdav | 5 Openoffice, Subversion, Debian Linux and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code. | |||||
CVE-2002-0257 | 2 Apache, Usanet Creations | 2 Http Server, Makebid Auction Deluxe | 2023-12-10 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. | |||||
CVE-1999-1053 | 2 Apache, Matt Wright | 2 Http Server, Matt Wright Guestbook | 2023-12-10 | 7.5 HIGH | N/A |
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". | |||||
CVE-2001-0731 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string. | |||||
CVE-2000-0868 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. |