Filtered by vendor Apache
Subscribe
Total
2116 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0249 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. | |||||
CVE-2002-1592 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information. | |||||
CVE-1999-0067 | 2 Apache, Ncsa | 2 Http Server, Ncsa Httpd | 2024-02-04 | 10.0 HIGH | N/A |
phf CGI program allows remote command execution through shell metacharacters. | |||||
CVE-2000-0505 | 2 Apache, Ibm | 2 Http Server, Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. | |||||
CVE-2002-0654 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. | |||||
CVE-2004-0809 | 8 Apache, Conectiva, Gentoo and 5 more | 12 Http Server, Linux, Linux and 9 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. | |||||
CVE-2000-1204 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root. | |||||
CVE-2001-1563 | 2 Apache, Hp | 2 Tomcat, Secure Os | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers. | |||||
CVE-1999-0071 | 1 Apache | 1 Http Server | 2024-02-04 | 7.5 HIGH | N/A |
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. | |||||
CVE-2002-0843 | 2 Apache, Oracle | 4 Http Server, Application Server, Database Server and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | |||||
CVE-2003-0192 | 1 Apache | 1 Http Server | 2024-02-04 | 6.4 MEDIUM | N/A |
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. | |||||
CVE-2003-0460 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service. | |||||
CVE-2003-0542 | 1 Apache | 1 Http Server | 2024-02-04 | 7.2 HIGH | N/A |
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. | |||||
CVE-1999-0678 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. | |||||
CVE-2002-1658 | 1 Apache | 1 Http Server | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | |||||
CVE-2004-0811 | 1 Apache | 1 Http Server | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. | |||||
CVE-2000-0868 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. | |||||
CVE-2001-0729 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters. | |||||
CVE-2002-1233 | 1 Apache | 1 Http Server | 2024-02-04 | 2.6 LOW | N/A |
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. | |||||
CVE-2003-0189 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used. |