VYPR

Vendor CVEs

Apache

All CVEs

2,543 total · sorted by risk
  • CVE-2004-2343Dec 31, 2004
    risk 0.00cvss epss 0.01

    Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only…

  • CVE-2004-1438Dec 31, 2004
    risk 0.00cvss epss 0.01

    The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.

  • CVE-2004-0263Nov 23, 2004
    risk 0.00cvss epss 0.03

    PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

  • CVE-2004-0700Jul 27, 2004
    risk 0.00cvss epss 0.06

    Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by…

  • CVE-2004-0488Jul 7, 2004
    risk 0.00cvss epss 0.38

    Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

  • CVE-2004-1834Mar 20, 2004
    risk 0.00cvss epss 0.04

    mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.

  • CVE-2003-0987Mar 3, 2004
    risk 0.00cvss epss 0.06

    mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.

  • CVE-2004-0096Mar 3, 2004
    risk 0.00cvss epss 0.04

    Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.

  • CVE-2003-0249Dec 31, 2003
    risk 0.00cvss epss 0.01

    PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been…

  • CVE-2003-1418Dec 31, 2003
    risk 0.00cvss epss 0.07

    Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).

  • CVE-2003-0973Dec 15, 2003
    risk 0.00cvss epss 0.06

    Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.

  • CVE-2003-0789Nov 3, 2003
    risk 0.00cvss epss 0.12

    mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.

  • CVE-2003-0192Aug 18, 2003
    risk 0.00cvss epss 0.06

    Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the…

  • CVE-2003-0134Apr 11, 2003
    risk 0.00cvss epss 0.06

    Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.

  • CVE-2003-0045Feb 7, 2003
    risk 0.00cvss epss 0.02

    Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.

  • CVE-2003-0017Feb 7, 2003
    risk 0.00cvss epss 0.06

    Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.

  • CVE-2003-0043Feb 7, 2003
    risk 0.00cvss epss 0.04

    Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

  • CVE-2002-1394Jan 17, 2003
    risk 0.00cvss epss 0.05

    Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

  • CVE-2002-1658Dec 31, 2002
    risk 0.00cvss epss 0.01

    Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of…

  • CVE-2002-1895Dec 31, 2002
    risk 0.00cvss epss 0.04

    The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.

  • CVE-2002-2012Dec 31, 2002
    risk 0.00cvss epss 0.06

    Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.

  • CVE-2002-2103Dec 31, 2002
    risk 0.00cvss epss 0.06

    Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.

  • CVE-2002-1233Nov 4, 2002
    risk 0.00cvss epss 0.01

    A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the…

  • CVE-2002-0839Oct 11, 2002
    risk 0.00cvss epss 0.01

    The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be…

  • CVE-2002-0493Aug 12, 2002
    risk 0.00cvss epss 0.04

    Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

  • CVE-2002-0257May 29, 2002
    risk 0.00cvss epss 0.04

    Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3,…

  • CVE-2002-0185May 16, 2002
    risk 0.00cvss epss 0.04

    mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.

  • CVE-2000-1210Mar 22, 2002
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.

  • CVE-2002-0061Mar 21, 2002
    risk 0.00cvss epss 0.50

    Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically…

  • CVE-2001-1556Dec 31, 2001
    risk 0.00cvss epss 0.04

    The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail,…

  • CVE-2001-1534Dec 31, 2001
    risk 0.00cvss epss 0.01

    mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for…

  • CVE-2001-1563Dec 31, 2001
    risk 0.00cvss epss 0.05

    Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.

  • CVE-2001-1072Aug 31, 2001
    risk 0.00cvss epss 0.04

    Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.

  • CVE-2001-0364Jun 27, 2001
    risk 0.00cvss epss 0.02

    SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections.

  • CVE-2001-0131Mar 12, 2001
    risk 0.00cvss epss 0.02

    htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2001-1385Jan 12, 2001
    risk 0.00cvss epss 0.02

    The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

  • CVE-2000-0628Jul 11, 2000
    risk 0.00cvss epss 0.02

    The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.

  • CVE-1999-1293Dec 31, 1999
    risk 0.00cvss epss 0.04

    mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.

  • CVE-1999-0289Dec 12, 1999
    risk 0.00cvss epss 0.04

    The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.

  • CVE-2000-1206Aug 20, 1999
    risk 0.00cvss epss 0.05

    Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.

  • CVE-1999-1199Aug 7, 1998
    risk 0.00cvss epss 0.07

    Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.

  • CVE-1999-0071Sep 1, 1997
    risk 0.00cvss epss 0.04

    Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

  • CVE-1999-0070Apr 1, 1996
    risk 0.00cvss epss 0.30

    test-cgi program allows an attacker to list files on the server.

Page 51 of 51