VYPR

Apache HTTP Server

by Novell

CVEs (18)

  • CVE-2016-10140 | High | Jan 13, 2017
    risk 0.51 | cvss 7.5 | epss 0.34

    Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated…

  • CVE-2009-2699 | High | Oct 13, 2009
    risk 0.42 | cvss 7.5 | epss 0.09

    The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a…

  • CVE-2004-0751 | Oct 20, 2004
    risk 0.07 | cvss | epss 0.48

    The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).

  • CVE-2000-0505 | May 31, 2000
    risk 0.07 | cvss | epss 0.46

    The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.

  • CVE-2014-3583 | Dec 15, 2014
    risk 0.03 | cvss | epss 0.42

    The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

  • CVE-2004-0492 | Aug 6, 2004
    risk 0.02 | cvss | epss 0.24

    Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be…

  • CVE-2015-3185 | Jul 20, 2015
    risk 0.01 | cvss | epss 0.06

    The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended…

  • CVE-2010-1452 | Jul 28, 2010
    risk 0.01 | cvss | epss 0.14

    The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.

  • CVE-2007-1862 | Jun 4, 2007
    risk 0.01 | cvss | epss 0.11

    The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.

  • CVE-2003-0460 | Aug 27, 2003
    risk 0.01 | cvss | epss 0.09

    The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.

  • CVE-2003-0192 | Aug 18, 2003
    risk 0.01 | cvss | epss 0.13

    Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the…

  • CVE-2023-38709 | Apr 4, 2024
    risk 0.00 | cvss | epss 0.04

    Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

  • CVE-2008-2384 | Jan 22, 2009
    risk 0.00 | cvss | epss 0.05

    SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to…

  • CVE-2006-6675 | Dec 21, 2006
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.

  • CVE-2004-1834 | Mar 20, 2004
    risk 0.00 | cvss | epss 0.00

    mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.

  • CVE-2003-0542 | Nov 3, 2003
    risk 0.00 | cvss | epss 0.01

    Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

  • CVE-2002-1658 | Dec 31, 2002
    risk 0.00 | cvss | epss 0.00

    Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of…

  • CVE-2000-1205 | Feb 1, 2000
    risk 0.00 | cvss | epss 0.06

    Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a…