Filtered by vendor Apache
Subscribe
Total
2396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1449 | 2 Apache, Mandrakesoft | 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | |||||
| CVE-2003-1307 | 1 Apache | 1 Http Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP. | |||||
| CVE-1999-0107 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. | |||||
| CVE-2003-0987 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A |
| mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. | |||||
| CVE-2005-0508 | 1 Apache | 1 Batik | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue." | |||||
| CVE-2005-2970 | 4 Apache, Canonical, Fedoraproject and 1 more | 6 Http Server, Ubuntu Linux, Fedora Core and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. | |||||
| CVE-2002-1156 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled. | |||||
| CVE-2004-0263 | 2 Apache, Ibm | 2 Http Server, Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2002-1658 | 1 Apache | 1 Http Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | |||||
| CVE-1999-0289 | 2 Apache, Microsoft | 2 Http Server, Windows | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | |||||
| CVE-2006-3747 | 3 Apache, Canonical, Debian | 3 Http Server, Ubuntu Linux, Debian Linux | 2025-04-03 | 7.6 HIGH | N/A |
| Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. | |||||
| CVE-2003-0460 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service. | |||||
| CVE-2004-0786 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool. | |||||
| CVE-2004-2650 | 1 Apache | 1 James | 2025-04-03 | 4.9 MEDIUM | N/A |
| Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak. | |||||
| CVE-1999-0071 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A |
| Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. | |||||
| CVE-2003-0973 | 1 Apache | 1 Mod Python | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string. | |||||
| CVE-2000-0505 | 2 Apache, Ibm | 2 Http Server, Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. | |||||
| CVE-2005-1268 | 3 Apache, Debian, Redhat | 5 Http Server, Debian Linux, Enterprise Linux Desktop and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | |||||
| CVE-1999-0070 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| test-cgi program allows an attacker to list files on the server. | |||||
| CVE-1999-1053 | 2 Apache, Matt Wright | 2 Http Server, Matt Wright Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
| guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". | |||||