Filtered by vendor Apache
Subscriptions
Filtered by product Http Server
Subscriptions
Total
305 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-4110 | 1 Apache | 1 Http Server | 2024-11-21 | N/A |
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. | ||||
CVE-2006-3918 | 4 Apache, Canonical, Debian and 1 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | N/A |
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. | ||||
CVE-2006-3747 | 3 Apache, Canonical, Debian | 3 Http Server, Ubuntu Linux, Debian Linux | 2024-11-21 | N/A |
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. | ||||
CVE-2006-20001 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Jboss Core Services | 2024-11-21 | 7.5 High |
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. | ||||
CVE-2005-3357 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2024-11-21 | N/A |
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. | ||||
CVE-2005-3352 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Network Proxy and 2 more | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. | ||||
CVE-2005-2970 | 4 Apache, Canonical, Fedoraproject and 1 more | 7 Http Server, Ubuntu Linux, Fedora Core and 4 more | 2024-11-21 | N/A |
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. | ||||
CVE-2005-2728 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2024-11-21 | N/A |
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. | ||||
CVE-2005-2700 | 4 Apache, Canonical, Debian and 1 more | 6 Http Server, Ubuntu Linux, Debian Linux and 3 more | 2024-11-21 | N/A |
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. | ||||
CVE-2005-2088 | 3 Apache, Debian, Redhat | 3 Http Server, Debian Linux, Enterprise Linux | 2024-11-21 | N/A |
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||||
CVE-2005-1344 | 1 Apache | 1 Http Server | 2024-11-21 | N/A |
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | ||||
CVE-2005-1268 | 3 Apache, Debian, Redhat | 6 Http Server, Debian Linux, Enterprise Linux and 3 more | 2024-11-21 | N/A |
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||||
CVE-2004-2343 | 1 Apache | 1 Http Server | 2024-11-21 | N/A |
Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument | ||||
CVE-2004-1834 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2024-11-21 | N/A |
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. | ||||
CVE-2004-1387 | 1 Apache | 1 Http Server | 2024-11-21 | N/A |
The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | ||||
CVE-2004-1082 | 8 Apache, Apple, Avaya and 5 more | 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more | 2024-11-21 | N/A |
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | ||||
CVE-2004-0942 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2024-11-21 | N/A |
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters. | ||||
CVE-2004-0940 | 7 Apache, Hp, Openpkg and 4 more | 9 Http Server, Hp-ux, Openpkg and 6 more | 2024-11-21 | 7.8 High |
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | ||||
CVE-2004-0885 | 2 Apache, Redhat | 6 Http Server, Enterprise Linux, Network Proxy and 3 more | 2024-11-21 | N/A |
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | ||||
CVE-2004-0811 | 1 Apache | 1 Http Server | 2024-11-21 | N/A |
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. |