Filtered by vendor Apache
Subscriptions
Filtered by product Http Server
Subscriptions
Total
327 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0505 | 2 Apache, Ibm | 2 Http Server, Http Server | 2025-04-03 | N/A |
| The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. | ||||
| CVE-2000-0913 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. | ||||
| CVE-2000-1205 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant. | ||||
| CVE-2001-0042 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences. | ||||
| CVE-2001-0729 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters. | ||||
| CVE-2001-0730 | 2 Apache, Redhat | 3 Http Server, Linux, Secure Web Server | 2025-04-03 | N/A |
| split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. | ||||
| CVE-2001-1534 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. | ||||
| CVE-2001-1556 | 1 Apache | 1 Http Server | 2025-04-03 | 3.3 Low |
| The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. | ||||
| CVE-2002-0061 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. | ||||
| CVE-2002-0839 | 3 Apache, Debian, Redhat | 6 Http Server, Debian Linux, Enterprise Linux and 3 more | 2025-04-03 | N/A |
| The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. | ||||
| CVE-2002-1233 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. | ||||
| CVE-2002-1593 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module. | ||||
| CVE-2002-2103 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities. | ||||
| CVE-2003-0542 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Linux and 2 more | 2025-04-03 | N/A |
| Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. | ||||
| CVE-2003-1307 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP. | ||||
| CVE-2003-0789 | 2 Apache, Redhat | 2 Http Server, Linux | 2025-04-03 | N/A |
| mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. | ||||
| CVE-2003-0993 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. | ||||
| CVE-2004-0113 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. | ||||
| CVE-2004-0263 | 2 Apache, Ibm | 2 Http Server, Http Server | 2025-04-03 | N/A |
| PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. | ||||
| CVE-2004-0811 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. | ||||