Filtered by vendor Apache
Subscriptions
Total
2769 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3510 | 2 Apache, Redhat | 4 Tomcat, Certificate System, Network Satellite and 1 more | 2025-04-03 | N/A |
| Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. | ||||
| CVE-2003-0192 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Linux and 2 more | 2025-04-03 | N/A |
| Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. | ||||
| CVE-1999-0070 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| test-cgi program allows an attacker to list files on the server. | ||||
| CVE-2005-0808 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
| Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | ||||
| CVE-2003-0973 | 2 Apache, Redhat | 3 Mod Python, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string. | ||||
| CVE-2001-0917 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
| Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension. | ||||
| CVE-2002-0936 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
| The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | ||||
| CVE-2001-1563 | 2 Apache, Hp | 2 Tomcat, Secure Os | 2025-04-03 | N/A |
| Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers. | ||||
| CVE-2004-0751 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2025-04-03 | N/A |
| The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). | ||||
| CVE-2005-1344 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | ||||
| CVE-2000-0913 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. | ||||
| CVE-2001-0590 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
| Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0). | ||||
| CVE-2005-4838 | 2 Apache, Redhat | 3 Tomcat, Network Satellite, Rhel Application Server | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. | ||||
| CVE-2001-1534 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. | ||||
| CVE-2003-0189 | 2 Apache, Redhat | 2 Http Server, Linux | 2025-04-03 | N/A |
| The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used. | ||||
| CVE-2006-0743 | 1 Apache | 1 Log4net | 2025-04-03 | N/A |
| Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | ||||
| CVE-2002-0843 | 3 Apache, Oracle, Redhat | 8 Http Server, Application Server, Database Server and 5 more | 2025-04-03 | N/A |
| Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | ||||
| CVE-2006-3918 | 4 Apache, Canonical, Debian and 1 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2025-04-03 | N/A |
| http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. | ||||
| CVE-2005-3357 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2025-04-03 | N/A |
| mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. | ||||
| CVE-2005-3745 | 2 Apache, Redhat | 2 Struts, Rhel Application Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message. | ||||