Total
298 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0134 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names. | |||||
CVE-2003-0192 | 1 Apache | 1 Http Server | 2023-12-10 | 6.4 MEDIUM | N/A |
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. | |||||
CVE-2004-0751 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). | |||||
CVE-2002-0843 | 2 Apache, Oracle | 4 Http Server, Application Server, Database Server and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | |||||
CVE-2000-1204 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root. | |||||
CVE-2001-0729 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters. | |||||
CVE-1999-0289 | 2 Apache, Microsoft | 2 Http Server, Windows | 2023-12-10 | 5.0 MEDIUM | N/A |
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | |||||
CVE-2002-0392 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2023-12-10 | 7.5 HIGH | N/A |
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. | |||||
CVE-2001-1534 | 1 Apache | 1 Http Server | 2023-12-10 | 2.1 LOW | N/A |
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. | |||||
CVE-2004-0492 | 5 Apache, Hp, Ibm and 2 more | 7 Http Server, Virtualvault, Vvos and 4 more | 2023-12-10 | 10.0 HIGH | N/A |
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. | |||||
CVE-2004-0786 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool. | |||||
CVE-2001-1449 | 2 Apache, Mandrakesoft | 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | |||||
CVE-2004-1082 | 8 Apache, Apple, Avaya and 5 more | 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more | 2023-12-10 | 7.5 HIGH | N/A |
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | |||||
CVE-2004-0493 | 5 Apache, Avaya, Gentoo and 2 more | 8 Http Server, Converged Communications Server, S8300 and 5 more | 2023-12-10 | 6.4 MEDIUM | N/A |
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. | |||||
CVE-2004-0113 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. | |||||
CVE-2001-1556 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. | |||||
CVE-2001-1342 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer. | |||||
CVE-2002-2103 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities. |