Total
298 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0240 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. | |||||
| CVE-2001-0131 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2023-12-10 | 3.3 LOW | N/A |
| htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2004-0885 | 1 Apache | 1 Http Server | 2023-12-10 | 7.5 HIGH | N/A |
| The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | |||||
| CVE-2000-0913 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. | |||||
| CVE-2002-0249 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. | |||||
| CVE-1999-1199 | 1 Apache | 1 Http Server | 2023-12-10 | 10.0 HIGH | N/A |
| Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. | |||||
| CVE-2002-2272 | 1 Apache | 2 Http Server, Tomcat | 2023-12-10 | 7.8 HIGH | N/A |
| Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. | |||||
| CVE-2002-2012 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request. | |||||
| CVE-2004-1834 | 1 Apache | 1 Http Server | 2023-12-10 | 2.1 LOW | N/A |
| mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. | |||||
| CVE-2000-1206 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files. | |||||
| CVE-2003-0083 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. | |||||
| CVE-2004-0263 | 2 Apache, Ibm | 2 Http Server, Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2003-0020 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. | |||||
| CVE-1999-1237 | 1 Apache | 1 Http Server | 2023-12-10 | 10.0 HIGH | N/A |
| Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods. | |||||
| CVE-2002-1593 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module. | |||||
| CVE-2003-0245 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors. | |||||
| CVE-2000-0505 | 2 Apache, Ibm | 2 Http Server, Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. | |||||
| CVE-1999-0236 | 2 Apache, Illinois | 2 Http Server, Ncsa Httpd | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | |||||
| CVE-1999-0678 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
| A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. | |||||
| CVE-2002-0257 | 2 Apache, Usanet Creations | 2 Http Server, Makebid Auction Deluxe | 2023-12-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. | |||||