Filtered by vendor Apache Subscriptions
Total 2344 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-1082 8 Apache, Apple, Avaya and 5 more 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more 2024-11-21 N/A
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
CVE-2004-0942 2 Apache, Redhat 2 Http Server, Enterprise Linux 2024-11-21 N/A
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
CVE-2004-0940 7 Apache, Hp, Openpkg and 4 more 9 Http Server, Hp-ux, Openpkg and 6 more 2024-11-21 7.8 High
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
CVE-2004-0885 2 Apache, Redhat 6 Http Server, Enterprise Linux, Network Proxy and 3 more 2024-11-21 N/A
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
CVE-2004-0811 1 Apache 1 Http Server 2024-11-21 N/A
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
CVE-2004-0809 8 Apache, Debian, Gentoo and 5 more 12 Http Server, Debian Linux, Linux and 9 more 2024-11-21 N/A
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
CVE-2004-0786 2 Apache, Redhat 2 Http Server, Enterprise Linux 2024-11-21 N/A
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
CVE-2004-0751 2 Apache, Redhat 2 Http Server, Enterprise Linux 2024-11-21 N/A
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
CVE-2004-0748 2 Apache, Redhat 2 Http Server, Enterprise Linux 2024-11-21 N/A
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
CVE-2004-0747 2 Apache, Redhat 2 Http Server, Enterprise Linux 2024-11-21 7.8 High
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
CVE-2004-0493 6 Apache, Avaya, Gentoo and 3 more 9 Http Server, Converged Communications Server, S8300 and 6 more 2024-11-21 N/A
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
CVE-2004-0492 6 Apache, Hp, Ibm and 3 more 8 Http Server, Virtualvault, Vvos and 5 more 2024-11-21 N/A
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
CVE-2004-0488 3 Apache, Debian, Redhat 8 Http Server, Debian Linux, Enterprise Linux and 5 more 2024-11-21 N/A
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
CVE-2004-0263 2 Apache, Ibm 2 Http Server, Http Server 2024-11-21 N/A
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
CVE-2004-0179 4 Apache, Debian, Redhat and 1 more 7 Openoffice, Subversion, Debian Linux and 4 more 2024-11-21 N/A
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
CVE-2004-0174 2 Apache, Redhat 2 Http Server, Stronghold 2024-11-21 7.5 High
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
CVE-2004-0173 1 Apache 1 Http Server 2024-11-21 N/A
Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
CVE-2004-0113 2 Apache, Redhat 3 Http Server, Enterprise Linux, Linux 2024-11-21 N/A
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
CVE-2004-0096 2 Apache, Redhat 3 Mod Python, Enterprise Linux, Linux 2024-11-21 N/A
Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.
CVE-2003-1581 1 Apache 1 Http Server 2024-11-21 N/A
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.