Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Http Server
Total 267 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1743 1 Apache 1 Http Server 2008-09-05 4.4 MEDIUM N/A
suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
CVE-2002-2012 1 Apache 1 Http Server 2008-09-05 5.0 MEDIUM N/A
Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
CVE-2002-2103 1 Apache 1 Http Server 2008-09-05 5.0 MEDIUM N/A
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
CVE-2002-2029 1 Apache 1 Http Server 2008-09-05 7.5 HIGH N/A
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
CVE-2001-0766 1 Apache 1 Http Server 2008-09-05 7.5 HIGH N/A
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
CVE-1999-0926 1 Apache 1 Http Server 2008-09-05 10.0 HIGH N/A
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
CVE-1999-1053 2 Apache, Matt Wright 2 Http Server, Matt Wright Guestbook 2008-09-05 7.5 HIGH N/A cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".