Total
327 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0254 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket. | |||||
| CVE-2001-0731 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string. | |||||
| CVE-1999-1412 | 2 Apache, Apple | 2 Http Server, Macos | 2025-04-03 | 5.0 MEDIUM | N/A |
| A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | |||||
| CVE-2001-1534 | 1 Apache | 1 Http Server | 2025-04-03 | 2.1 LOW | N/A |
| mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. | |||||
| CVE-2004-1082 | 8 Apache, Apple, Avaya and 5 more | 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more | 2025-04-03 | 7.5 HIGH | N/A |
| mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | |||||
| CVE-2002-0061 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A |
| Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. | |||||
| CVE-2005-2700 | 3 Apache, Canonical, Debian | 3 Http Server, Ubuntu Linux, Debian Linux | 2025-04-03 | 10.0 HIGH | N/A |
| ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2002-0654 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. | |||||
| CVE-2004-0113 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. | |||||
| CVE-2004-0493 | 5 Apache, Avaya, Gentoo and 2 more | 8 Http Server, Converged Communications Server, S8300 and 5 more | 2025-04-03 | 6.4 MEDIUM | N/A |
| The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. | |||||
| CVE-1999-1199 | 1 Apache | 1 Http Server | 2025-04-03 | 10.0 HIGH | N/A |
| Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. | |||||
| CVE-2006-4110 | 1 Apache | 1 Http Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. | |||||
| CVE-2005-2088 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2025-04-03 | 4.3 MEDIUM | N/A |
| The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
| CVE-2004-0174 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket." | |||||
| CVE-2004-1834 | 1 Apache | 1 Http Server | 2025-04-03 | 2.1 LOW | N/A |
| mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. | |||||
| CVE-2002-0392 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2025-04-03 | 7.5 HIGH | N/A |
| Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. | |||||
| CVE-2001-0730 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. | |||||
| CVE-1999-0926 | 1 Apache | 1 Http Server | 2025-04-03 | 10.0 HIGH | N/A |
| Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. | |||||
| CVE-2003-0134 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names. | |||||
| CVE-2002-2272 | 1 Apache | 2 Http Server, Tomcat | 2025-04-03 | 7.8 HIGH | N/A |
| Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. | |||||