Max CVSS 10.0 Min CVSS 2.1 Total Count78
IDCVSSSummaryLast (major) updatePublished
CVE-2005-2491 7.5
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, whic
15-12-2016 - 21:59 23-08-2005 - 00:00
CVE-2005-2970 5.0
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused f
07-12-2016 - 22:00 25-10-2005 - 13:06
CVE-2005-3357 5.4
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers
21-11-2016 - 21:59 31-12-2005 - 00:00
CVE-2005-2700 10.0
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass inten
21-11-2016 - 21:59 06-09-2005 - 19:03
CVE-2005-2088 4.3
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfe
17-10-2016 - 23:24 05-07-2005 - 00:00
CVE-2004-1834 2.1
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
17-10-2016 - 23:01 20-03-2004 - 00:00
CVE-2004-0942 5.0
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
17-10-2016 - 22:50 09-02-2005 - 00:00
CVE-2004-0940 6.9
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
17-10-2016 - 22:50 09-02-2005 - 00:00
CVE-2004-0885 7.5
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host config
17-10-2016 - 22:49 03-11-2004 - 00:00
CVE-2004-0493 6.4
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header
17-10-2016 - 22:45 06-08-2004 - 00:00
CVE-2004-0492 10.0
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes
17-10-2016 - 22:45 06-08-2004 - 00:00
CVE-2004-0488 7.5
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subje
17-10-2016 - 22:45 07-07-2004 - 00:00
CVE-2004-0174 5.0
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listeni
17-10-2016 - 22:41 04-05-2004 - 00:00
CVE-2004-0113 5.0
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
17-10-2016 - 22:41 29-03-2004 - 00:00
CVE-2003-0993 7.5
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
17-10-2016 - 22:38 29-03-2004 - 00:00
CVE-2003-0987 7.5
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
17-10-2016 - 22:38 03-03-2004 - 00:00
CVE-2003-0789 10.0
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
17-10-2016 - 22:37 03-11-2003 - 00:00
CVE-2003-0542 7.2
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9
17-10-2016 - 22:35 03-11-2003 - 00:00
CVE-2003-0254 5.0
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
17-10-2016 - 22:31 18-08-2003 - 00:00
CVE-2003-0253 5.0
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
17-10-2016 - 22:31 18-08-2003 - 00:00
CVE-2003-0245 5.0
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrate
17-10-2016 - 22:31 09-06-2003 - 00:00
CVE-2003-0192 6.4
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which c
17-10-2016 - 22:30 18-08-2003 - 00:00
CVE-2003-0189 5.0
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid u
17-10-2016 - 22:30 09-06-2003 - 00:00
CVE-2003-0134 5.0
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
17-10-2016 - 22:29 11-04-2003 - 00:00
CVE-2003-0132 5.0
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
17-10-2016 - 22:29 11-04-2003 - 00:00
CVE-2003-0083 5.0
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities relate
17-10-2016 - 22:29 02-04-2003 - 00:00
CVE-2003-0020 5.0
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
17-10-2016 - 22:28 18-03-2003 - 00:00
CVE-2003-0017 5.0
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
17-10-2016 - 22:28 07-02-2003 - 00:00
CVE-2003-0016 7.5
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
17-10-2016 - 22:28 07-02-2003 - 00:00
CVE-2002-0843 7.5
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
17-10-2016 - 22:22 11-10-2002 - 00:00
CVE-2002-0840 6.8
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web pag
17-10-2016 - 22:22 11-10-2002 - 00:00
CVE-2002-0839 7.2
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that
17-10-2016 - 22:22 11-10-2002 - 00:00
CVE-2002-0661 7.5
Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
17-10-2016 - 22:21 12-08-2002 - 00:00
CVE-2002-0654 5.0
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that o
17-10-2016 - 22:21 05-09-2002 - 00:00
CVE-2002-0061 7.5
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the
17-10-2016 - 22:15 21-03-2002 - 00:00
CVE-2001-1342 5.0
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a n
17-10-2016 - 22:14 12-05-2001 - 00:00
CVE-1999-1199 10.0
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
17-10-2016 - 22:02 07-08-1998 - 00:00
CVE-2007-1862 5.0
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentiall
10-10-2013 - 22:33 04-06-2007 - 19:30
CVE-2007-5000 4.3
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inje
28-08-2013 - 01:38 13-12-2007 - 13:46
CVE-2008-2364 5.0
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service
17-07-2013 - 11:44 13-06-2008 - 14:41
CVE-2007-6388 4.3
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or H
17-07-2013 - 11:33 08-01-2008 - 13:46
CVE-2007-3847 5.0
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffe
17-07-2013 - 11:25 23-08-2007 - 18:17
CVE-2006-5752 4.3
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML vi
17-07-2013 - 11:01 27-06-2007 - 13:30
CVE-2005-3352 4.3
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
17-07-2013 - 10:37 13-12-2005 - 15:03
CVE-2006-3918 4.3
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected ba
05-11-2012 - 22:17 27-07-2006 - 20:04
CVE-2007-3304 4.7
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the m
30-10-2012 - 22:38 20-06-2007 - 18:30
CVE-2007-3303 4.9
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creati
30-10-2012 - 22:38 20-06-2007 - 18:30
CVE-2007-1863 5.0
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with
30-10-2012 - 22:32 27-06-2007 - 13:30
CVE-2001-0729 5.0
Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
22-10-2012 - 21:11 30-10-2001 - 00:00
CVE-2008-2137 4.4
The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span)
19-03-2012 - 00:00 29-05-2008 - 12:32
CVE-2008-0005 4.3
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
06-09-2011 - 22:41 11-01-2008 - 19:46
CVE-2006-3747 7.6
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (applica
06-09-2011 - 00:00 28-07-2006 - 14:02
CVE-2007-6422 4.0
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb
12-04-2011 - 00:00 08-01-2008 - 13:46
CVE-2007-6421 3.5
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the U
07-03-2011 - 22:02 08-01-2008 - 14:46
CVE-2007-6420 4.3
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
07-03-2011 - 22:02 11-01-2008 - 19:46
CVE-2005-2728 5.0
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
07-03-2011 - 21:24 30-08-2005 - 07:45
CVE-2005-1268 5.0
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one
07-03-2011 - 21:21 05-08-2005 - 00:00
CVE-2004-0786 5.0
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
07-03-2011 - 21:16 20-10-2004 - 00:00
CVE-2002-0392 7.5
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
07-03-2011 - 21:08 03-07-2002 - 00:00
CVE-2004-0809 5.0
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
21-08-2010 - 00:21 16-09-2004 - 00:00
CVE-2004-0751 5.0
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
21-08-2010 - 00:21 20-10-2004 - 00:00
CVE-2004-0748 5.0
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
21-08-2010 - 00:21 20-10-2004 - 00:00
CVE-2004-0747 4.6
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
21-08-2010 - 00:21 20-10-2004 - 00:00
CVE-2006-7098 6.6
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program
15-11-2008 - 00:00 03-03-2007 - 14:19
CVE-2001-0730 5.0
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
10-09-2008 - 15:08 30-10-2001 - 00:00
CVE-2000-1206 5.0
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
10-09-2008 - 15:06 20-08-1999 - 00:00
CVE-2000-0505 5.0
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
10-09-2008 - 15:04 31-05-2000 - 00:00
CVE-2004-2343 7.2
** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this i
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-0811 7.5
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
05-09-2008 - 16:39 31-12-2004 - 00:00
CVE-2003-0460 5.0
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
05-09-2008 - 16:34 27-08-2003 - 00:00
CVE-2002-1593 5.0
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
05-09-2008 - 16:31 25-09-2002 - 00:00
CVE-2002-1592 5.0
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
05-09-2008 - 16:31 06-05-2002 - 00:00
CVE-2002-1156 5.0
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
05-09-2008 - 16:29 11-10-2002 - 00:00
CVE-2001-0925 5.0
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1
05-09-2008 - 16:25 12-03-2001 - 00:00
CVE-2001-0731 5.0
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
05-09-2008 - 16:24 01-10-2001 - 00:00
CVE-2000-1205 4.3
Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error
05-09-2008 - 16:22 01-02-2000 - 00:00
CVE-2000-1204 5.0
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
05-09-2008 - 16:22 13-10-2000 - 00:00
CVE-2000-0913 5.0
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
05-09-2008 - 16:22 19-12-2000 - 00:00
Back to Top Mark selected
Back to Top