Filtered by vendor Apache
Subscriptions
Total
2588 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2002-0839 | 3 Apache, Debian, Redhat | 6 Http Server, Debian Linux, Enterprise Linux and 3 more | 2025-04-03 | N/A |
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. | ||||
CVE-2003-0044 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. | ||||
CVE-2002-2272 | 1 Apache | 2 Http Server, Tomcat | 2025-04-03 | N/A |
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. | ||||
CVE-2003-0042 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. | ||||
CVE-2000-0913 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. | ||||
CVE-2002-1593 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module. | ||||
CVE-2002-1592 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information. | ||||
CVE-2006-2447 | 2 Apache, Redhat | 2 Spamassassin, Enterprise Linux | 2025-04-03 | N/A |
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. | ||||
CVE-2002-0240 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. | ||||
CVE-2005-2090 | 2 Apache, Redhat | 7 Tomcat, Certificate System, Enterprise Linux and 4 more | 2025-04-03 | N/A |
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||||
CVE-2005-3357 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2025-04-03 | N/A |
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. | ||||
CVE-2003-0016 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names. | ||||
CVE-2003-0017 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served. | ||||
CVE-2006-2806 | 1 Apache | 1 James | 2025-04-03 | N/A |
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. | ||||
CVE-2005-0808 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | ||||
CVE-2006-0042 | 2 Apache, Debian | 2 Libapreq2, Debian Linux | 2025-04-03 | N/A |
Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity. | ||||
CVE-2001-0590 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0). | ||||
CVE-2005-1268 | 3 Apache, Debian, Redhat | 6 Http Server, Debian Linux, Enterprise Linux and 3 more | 2025-04-03 | N/A |
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||||
CVE-2002-2103 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities. | ||||
CVE-2000-1205 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant. |