VYPR

Apache HTTP Server

by Debian

CVEs (2)

  • CVE-2006-7098Mar 3, 2007
    risk 0.03cvss epss 0.01

    The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.

  • CVE-2012-0216Apr 22, 2012
    risk 0.00cvss epss 0.00

    The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct…