HTTP Server
by Apache
Source repositories
CVEs (341)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0789 | 0.00 | — | 0.12 | Nov 3, 2003 | mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. | |||
| CVE-2003-0192 | 0.00 | — | 0.06 | Aug 18, 2003 | Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the… | |||
| CVE-2003-0134 | 0.00 | — | 0.06 | Apr 11, 2003 | Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names. | |||
| CVE-2003-0017 | 0.00 | — | 0.06 | Feb 7, 2003 | Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served. | |||
| CVE-2002-1658 | 0.00 | — | 0.01 | Dec 31, 2002 | Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of… | |||
| CVE-2002-2012 | 0.00 | — | 0.06 | Dec 31, 2002 | Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request. | |||
| CVE-2002-2103 | 0.00 | — | 0.06 | Dec 31, 2002 | Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities. | |||
| CVE-2002-1233 | 0.00 | — | 0.01 | Nov 4, 2002 | A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the… | |||
| CVE-2002-0839 | 0.00 | — | 0.01 | Oct 11, 2002 | The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be… | |||
| CVE-2002-0257 | 0.00 | — | 0.04 | May 29, 2002 | Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3,… | |||
| CVE-2002-0061 | 0.00 | — | 0.50 | Mar 21, 2002 | Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically… | |||
| CVE-2001-1556 | 0.00 | — | 0.04 | Dec 31, 2001 | The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail,… | |||
| CVE-2001-1534 | 0.00 | — | 0.01 | Dec 31, 2001 | mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for… | |||
| CVE-2001-1072 | 0.00 | — | 0.04 | Aug 31, 2001 | Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. | |||
| CVE-2001-0131 | 0.00 | — | 0.02 | Mar 12, 2001 | htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-1999-1293 | 0.00 | — | 0.04 | Dec 31, 1999 | mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core. | |||
| CVE-1999-0289 | 0.00 | — | 0.04 | Dec 12, 1999 | The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | |||
| CVE-2000-1206 | 0.00 | — | 0.05 | Aug 20, 1999 | Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files. | |||
| CVE-1999-1199 | 0.00 | — | 0.07 | Aug 7, 1998 | Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. | |||
| CVE-1999-0071 | 0.00 | — | 0.04 | Sep 1, 1997 | Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. |
- CVE-2003-0789Nov 3, 2003risk 0.00cvss —epss 0.12
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
- CVE-2003-0192Aug 18, 2003risk 0.00cvss —epss 0.06
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the…
- CVE-2003-0134Apr 11, 2003risk 0.00cvss —epss 0.06
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
- CVE-2003-0017Feb 7, 2003risk 0.00cvss —epss 0.06
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
- CVE-2002-1658Dec 31, 2002risk 0.00cvss —epss 0.01
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of…
- CVE-2002-2012Dec 31, 2002risk 0.00cvss —epss 0.06
Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
- CVE-2002-2103Dec 31, 2002risk 0.00cvss —epss 0.06
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
- CVE-2002-1233Nov 4, 2002risk 0.00cvss —epss 0.01
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the…
- CVE-2002-0839Oct 11, 2002risk 0.00cvss —epss 0.01
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be…
- CVE-2002-0257May 29, 2002risk 0.00cvss —epss 0.04
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3,…
- CVE-2002-0061Mar 21, 2002risk 0.00cvss —epss 0.50
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically…
- CVE-2001-1556Dec 31, 2001risk 0.00cvss —epss 0.04
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail,…
- CVE-2001-1534Dec 31, 2001risk 0.00cvss —epss 0.01
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for…
- CVE-2001-1072Aug 31, 2001risk 0.00cvss —epss 0.04
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
- CVE-2001-0131Mar 12, 2001risk 0.00cvss —epss 0.02
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
- CVE-1999-1293Dec 31, 1999risk 0.00cvss —epss 0.04
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
- CVE-1999-0289Dec 12, 1999risk 0.00cvss —epss 0.04
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
- CVE-2000-1206Aug 20, 1999risk 0.00cvss —epss 0.05
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
- CVE-1999-1199Aug 7, 1998risk 0.00cvss —epss 0.07
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
- CVE-1999-0071Sep 1, 1997risk 0.00cvss —epss 0.04
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
Page 17 of 18