Filtered by vendor Apache
Subscribe
Total
2616 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0083 | 1 Apache | 1 Http Server | 2023-11-07 | 5.0 MEDIUM | N/A |
| Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. | |||||
| CVE-2003-0254 | 1 Apache | 1 Http Server | 2023-11-07 | 5.0 MEDIUM | N/A |
| Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket. | |||||
| CVE-2004-0786 | 1 Apache | 1 Http Server | 2023-11-07 | 5.0 MEDIUM | N/A |
| The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool. | |||||
| CVE-2002-2009 | 1 Apache | 1 Tomcat | 2023-11-07 | 5.0 MEDIUM | N/A |
| Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message. | |||||
| CVE-2004-0885 | 1 Apache | 1 Http Server | 2023-11-07 | 7.5 HIGH | N/A |
| The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | |||||
| CVE-2004-0942 | 1 Apache | 1 Http Server | 2023-11-07 | 5.0 MEDIUM | N/A |
| Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters. | |||||
| CVE-2004-1834 | 1 Apache | 1 Http Server | 2023-11-07 | 2.1 LOW | N/A |
| mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. | |||||
| CVE-2002-1895 | 1 Apache | 1 Tomcat | 2023-11-07 | 5.0 MEDIUM | N/A |
| The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. | |||||
| CVE-2002-1394 | 1 Apache | 1 Tomcat | 2023-11-07 | 7.5 HIGH | N/A |
| Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. | |||||
| CVE-2002-1567 | 1 Apache | 1 Tomcat | 2023-11-07 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script. | |||||
| CVE-2002-1592 | 1 Apache | 1 Http Server | 2023-11-07 | 5.0 MEDIUM | N/A |
| The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2004-0809 | 8 Apache, Debian, Gentoo and 5 more | 12 Http Server, Debian Linux, Linux and 9 more | 2023-11-07 | 5.0 MEDIUM | N/A |
| The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. | |||||
| CVE-2004-0751 | 1 Apache | 1 Http Server | 2023-11-07 | 5.0 MEDIUM | N/A |
| The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). | |||||
| CVE-2004-0811 | 1 Apache | 1 Http Server | 2023-11-07 | 7.5 HIGH | N/A |
| Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. | |||||
| CVE-2003-0017 | 1 Apache | 1 Http Server | 2023-11-07 | 5.0 MEDIUM | N/A |
| Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served. | |||||
| CVE-2004-0113 | 1 Apache | 1 Http Server | 2023-11-07 | 5.0 MEDIUM | N/A |
| Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. | |||||
| CVE-2003-0987 | 1 Apache | 1 Http Server | 2023-11-07 | 7.5 HIGH | N/A |
| mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. | |||||
| CVE-2004-0492 | 5 Apache, Hp, Ibm and 2 more | 7 Http Server, Virtualvault, Vvos and 4 more | 2023-11-07 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. | |||||
| CVE-2003-0993 | 1 Apache | 1 Http Server | 2023-11-07 | 7.5 HIGH | N/A |
| mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2003-0253 | 1 Apache | 1 Http Server | 2023-11-07 | 5.0 MEDIUM | N/A |
| The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service. | |||||