Filtered by vendor Apache
Subscriptions
Filtered by product Http Server
Subscriptions
Total
327 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0885 | 2 Apache, Redhat | 6 Http Server, Enterprise Linux, Network Proxy and 3 more | 2025-04-03 | N/A |
| The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | ||||
| CVE-2004-0493 | 6 Apache, Avaya, Gentoo and 3 more | 9 Http Server, Converged Communications Server, S8300 and 6 more | 2025-04-03 | N/A |
| The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. | ||||
| CVE-2004-0488 | 3 Apache, Debian, Redhat | 8 Http Server, Debian Linux, Enterprise Linux and 5 more | 2025-04-03 | N/A |
| Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. | ||||
| CVE-1999-0926 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. | ||||
| CVE-2004-0748 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2025-04-03 | N/A |
| mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop. | ||||
| CVE-2004-0747 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2025-04-03 | 7.8 High |
| Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables. | ||||
| CVE-2006-3918 | 4 Apache, Canonical, Debian and 1 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2025-04-03 | N/A |
| http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. | ||||
| CVE-1999-0107 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. | ||||
| CVE-2004-1834 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2025-04-03 | N/A |
| mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. | ||||
| CVE-2004-0811 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. | ||||
| CVE-2003-0016 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names. | ||||
| CVE-2001-0131 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2025-04-03 | 2.9 Low |
| htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | ||||
| CVE-2001-1556 | 1 Apache | 1 Http Server | 2025-04-03 | 3.3 Low |
| The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. | ||||
| CVE-2003-0189 | 2 Apache, Redhat | 2 Http Server, Linux | 2025-04-03 | N/A |
| The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used. | ||||
| CVE-2004-0809 | 8 Apache, Debian, Gentoo and 5 more | 12 Http Server, Debian Linux, Linux and 9 more | 2025-04-03 | N/A |
| The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. | ||||
| CVE-2003-0253 | 2 Apache, Redhat | 2 Http Server, Linux | 2025-04-03 | N/A |
| The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service. | ||||
| CVE-2003-0254 | 2 Apache, Redhat | 2 Http Server, Linux | 2025-04-03 | N/A |
| Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket. | ||||
| CVE-2002-1658 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | ||||
| CVE-2002-2012 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request. | ||||
| CVE-2002-2029 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string. | ||||