VYPR

HTTP Server

by Apache

CVEs (341)

  • CVE-2009-1195 | May 28, 2009
    risk 0.00 | cvss | epss 0.02

    The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a…

  • CVE-2008-2384 | Jan 22, 2009
    risk 0.00 | cvss | epss 0.02

    SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to…

  • CVE-2008-5676 | Dec 19, 2008
    risk 0.00 | cvss | epss 0.01

    Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via…

  • CVE-2007-6423 | Jan 12, 2008
    risk 0.00 | cvss | epss 0.04

    Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue

  • CVE-2007-3304 | Jun 20, 2007
    risk 0.00 | cvss | epss 0.03

    Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1…

  • CVE-2007-3303 | Jun 20, 2007
    risk 0.00 | cvss | epss 0.01

    Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2)…

  • CVE-2007-1862 | Jun 4, 2007
    risk 0.00 | cvss | epss 0.05

    The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.

  • CVE-2007-1743 | Apr 13, 2007
    risk 0.00 | cvss | epss 0.01

    suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable,…

  • CVE-2007-1742 | Apr 13, 2007
    risk 0.00 | cvss | epss 0.01

    suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and…

  • CVE-2007-1741 | Apr 13, 2007
    risk 0.00 | cvss | epss 0.01

    Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is…

  • CVE-2005-3352 | Dec 13, 2005
    risk 0.00 | cvss | epss 0.74

    Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

  • CVE-2005-1344 | May 2, 2005
    risk 0.00 | cvss | epss 0.29

    Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges,…

  • CVE-2004-1387 | Dec 31, 2004
    risk 0.00 | cvss | epss 0.01

    The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

  • CVE-2004-2343 | Dec 31, 2004
    risk 0.00 | cvss | epss 0.01

    Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only…

  • CVE-2004-0263 | Nov 23, 2004
    risk 0.00 | cvss | epss 0.03

    PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

  • CVE-2004-0488 | Jul 7, 2004
    risk 0.00 | cvss | epss 0.38

    Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

  • CVE-2004-1834 | Mar 20, 2004
    risk 0.00 | cvss | epss 0.04

    mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.

  • CVE-2003-0987 | Mar 3, 2004
    risk 0.00 | cvss | epss 0.06

    mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.

  • CVE-2003-0249 | Dec 31, 2003
    risk 0.00 | cvss | epss 0.01

    PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been…

  • CVE-2003-1418 | Dec 31, 2003
    risk 0.00 | cvss | epss 0.07

    Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).