Filtered by vendor Apache
Subscribe
Total
2116 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0240 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. | |||||
CVE-2003-0987 | 1 Apache | 1 Http Server | 2024-02-04 | 7.5 HIGH | N/A |
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. | |||||
CVE-2003-0044 | 1 Apache | 1 Tomcat | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. | |||||
CVE-2004-1387 | 1 Apache | 1 Http Server | 2024-02-04 | 2.1 LOW | N/A |
The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | |||||
CVE-2002-2272 | 1 Apache | 2 Http Server, Tomcat | 2024-02-04 | 7.8 HIGH | N/A |
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. | |||||
CVE-1999-0926 | 1 Apache | 1 Http Server | 2024-02-04 | 10.0 HIGH | N/A |
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. | |||||
CVE-1999-1412 | 2 Apache, Apple | 2 Http Server, Macos | 2024-02-04 | 5.0 MEDIUM | N/A |
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | |||||
CVE-2004-1082 | 8 Apache, Apple, Avaya and 5 more | 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more | 2024-02-04 | 7.5 HIGH | N/A |
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | |||||
CVE-2002-1148 | 1 Apache | 1 Tomcat | 2024-02-04 | 5.0 MEDIUM | N/A |
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. | |||||
CVE-2009-0023 | 1 Apache | 1 Apr-util | 2024-02-02 | 4.3 MEDIUM | N/A |
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow. | |||||
CVE-2007-6388 | 1 Apache | 1 Http Server | 2024-02-02 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-1955 | 7 Apache, Apple, Canonical and 4 more | 7 Apr-util, Mac Os X, Ubuntu Linux and 4 more | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. | |||||
CVE-2004-0747 | 1 Apache | 1 Http Server | 2024-02-02 | 4.6 MEDIUM | 7.8 HIGH |
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables. | |||||
CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 19 Mesos, Ubuntu Linux, Dc\/os and 16 more | 2024-02-02 | 9.3 HIGH | 8.6 HIGH |
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | |||||
CVE-2004-0940 | 6 Apache, Hp, Openpkg and 3 more | 6 Http Server, Hp-ux, Openpkg and 3 more | 2024-02-02 | 6.9 MEDIUM | 7.8 HIGH |
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | |||||
CVE-2001-0766 | 1 Apache | 1 Http Server | 2024-02-02 | 7.5 HIGH | 9.8 CRITICAL |
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters. |