apk package
chainguard/apache2-doc
pkg:apk/chainguard/apache2-doc
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-23048 | Cri | 9.1 | < 0 | 0 | Jul 10, 2025 | In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a d | |
| CVE-2025-3891 | Hig | 7.5 | < 0 | 0 | Apr 29, 2025 | A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availab | |
| CVE-2008-2168 | — | < 0 | 0 | May 13, 2008 | Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page. | ||
| CVE-2007-6423 | — | < 2.4.66-r0 | 2.4.66-r0 | Jan 12, 2008 | Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue | ||
| CVE-2007-6421 | — | < 0 | 0 | Jan 8, 2008 | Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. | ||
| CVE-2007-6422 | — | < 0 | 0 | Jan 8, 2008 | The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. | ||
| CVE-2007-0450 | — | < 2.4.63-r1 | 2.4.63-r1 | Mar 16, 2007 | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" | ||
| CVE-2007-0086 | — | < 2.4.63-r1 | 2.4.63-r1 | Jan 5, 2007 | The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue | ||
| CVE-1999-0289 | — | < 2.4.66-r0 | 2.4.66-r0 | Dec 12, 1999 | The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | ||
| CVE-1999-1237 | — | < 2.4.63-r1 | 2.4.63-r1 | Jun 6, 1999 | Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods. | ||
| CVE-1999-1412 | — | < 2.4.63-r1 | 2.4.63-r1 | Jun 3, 1999 | A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | ||
| CVE-1999-0678 | — | < 2.4.66-r0 | 2.4.66-r0 | Jan 17, 1999 | A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. | ||
| CVE-1999-0236 | Hig | 7.5 | < 2.4.63-r1 | 2.4.63-r1 | Jan 1, 1997 | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. |
- affected < 0fixed 0
In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a d
- affected < 0fixed 0
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availab
- CVE-2008-2168May 13, 2008affected < 0fixed 0
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
- CVE-2007-6423Jan 12, 2008affected < 2.4.66-r0fixed 2.4.66-r0
Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue
- CVE-2007-6421Jan 8, 2008affected < 0fixed 0
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
- CVE-2007-6422Jan 8, 2008affected < 0fixed 0
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
- CVE-2007-0450Mar 16, 2007affected < 2.4.63-r1fixed 2.4.63-r1
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/"
- CVE-2007-0086Jan 5, 2007affected < 2.4.63-r1fixed 2.4.63-r1
The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue
- CVE-1999-0289Dec 12, 1999affected < 2.4.66-r0fixed 2.4.66-r0
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
- CVE-1999-1237Jun 6, 1999affected < 2.4.63-r1fixed 2.4.63-r1
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
- CVE-1999-1412Jun 3, 1999affected < 2.4.63-r1fixed 2.4.63-r1
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
- CVE-1999-0678Jan 17, 1999affected < 2.4.66-r0fixed 2.4.66-r0
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
- affected < 2.4.63-r1fixed 2.4.63-r1
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.