Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Http Server
Total 298 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-1053 2 Apache, Matt Wright 2 Http Server, Matt Wright Guestbook 2023-12-10 7.5 HIGH N/A
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
CVE-2001-0731 1 Apache 1 Http Server 2023-12-10 5.0 MEDIUM N/A
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
CVE-2000-0868 2 Apache, Suse 2 Http Server, Suse Linux 2023-12-10 5.0 MEDIUM N/A
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
CVE-2004-1387 1 Apache 1 Http Server 2023-12-10 2.1 LOW N/A
The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
CVE-2000-1205 1 Apache 1 Http Server 2023-12-10 4.3 MEDIUM N/A
Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
CVE-2004-0809 8 Apache, Debian, Gentoo and 5 more 12 Http Server, Debian Linux, Linux and 9 more 2023-12-10 5.0 MEDIUM N/A
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
CVE-2003-0542 1 Apache 1 Http Server 2023-12-10 7.2 HIGH N/A
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
CVE-2002-1156 1 Apache 1 Http Server 2023-12-10 5.0 MEDIUM N/A
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
CVE-1999-0107 1 Apache 1 Http Server 2023-12-10 5.0 MEDIUM N/A
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
CVE-2003-0987 1 Apache 1 Http Server 2023-12-10 7.5 HIGH N/A
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
CVE-1999-1293 1 Apache 1 Http Server 2023-12-10 10.0 HIGH N/A
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
CVE-2004-0811 1 Apache 1 Http Server 2023-12-10 7.5 HIGH N/A
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
CVE-2001-1072 1 Apache 1 Http Server 2023-12-10 5.0 MEDIUM N/A
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
CVE-2002-2029 1 Apache 1 Http Server 2023-12-10 7.5 HIGH N/A
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
CVE-1999-0070 1 Apache 1 Http Server 2023-12-10 5.0 MEDIUM N/A
test-cgi program allows an attacker to list files on the server.
CVE-2003-0189 1 Apache 1 Http Server 2023-12-10 5.0 MEDIUM N/A
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
CVE-2003-0460 1 Apache 1 Http Server 2023-12-10 5.0 MEDIUM N/A
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
CVE-1999-0926 1 Apache 1 Http Server 2023-12-10 10.0 HIGH N/A
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
CVE-2003-0253 1 Apache 1 Http Server 2023-12-10 5.0 MEDIUM N/A
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
CVE-1999-0071 1 Apache 1 Http Server 2023-12-10 7.5 HIGH N/A
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.