Filtered by vendor Apache
Subscriptions
Filtered by product Http Server
Subscriptions
Total
305 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2000-1204 | 1 Apache | 1 Http Server | 2024-08-08 | N/A |
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root. | ||||
CVE-2000-1206 | 1 Apache | 1 Http Server | 2024-08-08 | N/A |
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files. | ||||
CVE-2000-0868 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2024-08-08 | N/A |
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. | ||||
CVE-2000-0913 | 1 Apache | 1 Http Server | 2024-08-08 | N/A |
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. | ||||
CVE-2000-0869 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2024-08-08 | N/A |
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. | ||||
CVE-2000-0505 | 2 Apache, Ibm | 2 Http Server, Http Server | 2024-08-08 | N/A |
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. | ||||
CVE-2001-1449 | 2 Apache, Mandrakesoft | 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2024-08-08 | N/A |
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | ||||
CVE-2001-1342 | 1 Apache | 1 Http Server | 2024-08-08 | N/A |
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer. | ||||
CVE-2001-1072 | 1 Apache | 1 Http Server | 2024-08-08 | N/A |
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. | ||||
CVE-2001-0925 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-08-08 | N/A |
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | ||||
CVE-2001-0729 | 1 Apache | 1 Http Server | 2024-08-08 | N/A |
Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters. | ||||
CVE-2001-0766 | 2 Apache, Apple | 2 Http Server, Mac Os X | 2024-08-08 | 9.8 Critical |
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters. | ||||
CVE-2001-0731 | 2 Apache, Redhat | 3 Http Server, Linux, Secure Web Server | 2024-08-08 | N/A |
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string. | ||||
CVE-2001-0730 | 2 Apache, Redhat | 3 Http Server, Linux, Secure Web Server | 2024-08-08 | N/A |
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. | ||||
CVE-2001-0042 | 1 Apache | 1 Http Server | 2024-08-08 | N/A |
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences. | ||||
CVE-2001-0131 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-08-08 | 2.9 Low |
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | ||||
CVE-2002-2272 | 1 Apache | 2 Http Server, Tomcat | 2024-08-08 | N/A |
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. | ||||
CVE-2002-1850 | 1 Apache | 1 Http Server | 2024-08-08 | 7.5 High |
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script. | ||||
CVE-2002-1658 | 1 Apache | 1 Http Server | 2024-08-08 | N/A |
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | ||||
CVE-2002-1592 | 1 Apache | 1 Http Server | 2024-08-08 | N/A |
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information. |