986 matches found
Apache Httpd < 2.0.36 : Warning messages could be displayed to users
In some cases warning messages could get returned to end users in addition to being recorded in the error log. This could reveal the path to a CGI script for example, a minor security exposure...
Apache 1.3 - Artificially Long Slash Path Directory Listing (2)
Apache 1.3 - Artificially Long Slash Path Directory Listing 2 // source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package,...
Apache 1.3 - Artificially Long Slash Path Directory Listing (2)
// source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementations of the UNIX operating system...
Apache Httpd < 1.3.24 : Win32 Apache Remote command execution
Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to execute arbitrary commands via parameters passed to batch file CGI scripts...
Apache Httpd < 1.3.27 : Shared memory permissions lead to local privilege escalation
The permissions of the shared memory used for the scoreboard allows an attacker who can execute under the Apache UID to send a signal to any process as root or cause a local denial of service attack...
Apache Httpd < 1.3.22 : split-logfile can cause arbitrary log files to be written to
A vulnerability was found in the split-logfile support program. A request with a specially crafted Host: header could allow any file with a .log extension on the system to be written to...
Apache Httpd < 1.3.22 : Multiviews can cause a directory listing to be displayed
A vulnerability was found when Multiviews are used to negotiate the directory index. In some configurations, requesting a URI with a QUERYSTRING of M=D could return a directory listing rather than the expected index page...
Apache Httpd < 1.3.22 : Requests can cause directory listing to be displayed
A vulnerability was found in the Win32 port of Apache 1.3.20. A client submitting a very long URI could cause a directory listing to be returned rather than the default index page...
Apache 1.3 - Artificially Long Slash Path Directory Listing (3)
Apache 1.3 - Artificially Long Slash Path Directory Listing 3 source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, include...
Apache 1.3 - Artificially Long Slash Path Directory Listing (3)
source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementations of the UNIX operating system an...
Apache 1.3 - Artificially Long Slash Path Directory Listing (4)
source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementations of the UNIX operating system an...
Apache Httpd < 1.3.20 : Denial of service attack on Win32 and OS2
A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A client submitting a carefully constructed URI could cause a General Protection Fault in a child process, bringing up a message box which would have to be cleared by the operator to resume operation. This vulnerability introduce...
Apache Httpd < 1.3.19 : Requests can cause directory listing to be displayed
The default installation can lead modnegotiation and moddir or modautoindex to display a directory listing instead of the multiview index.html file if a very long path was created artificially by using many slashes...
Apache Httpd < 1.3.14 : Rewrite rules that include references allow access to any file
The Rewrite module, modrewrite, can allow access to any file on the web server. The vulnerability occurs only with certain specific cases of using regular expression references in RewriteRule directives: If the destination of a RewriteRule contains regular expression references then an attacker...
Apache Httpd < 1.3.14 : Mass virtual hosting can display CGI source
A security problem for users of the mass virtual hosting module, modvhostalias, causes the source to a CGI to be sent if the cgi-bin directory is under the document root. However, it is not normal to have your cgi-bin directory under a document root...
Apache Httpd < 1.3.14 : Requests can cause directory listing to be displayed on NT
A security hole on Apache for Windows allows a user to view the listing of a directory instead of the default HTML page by sending a carefully constructed request...
Apache Httpd < 1.3.12 : Cross-site scripting can reveal private session information
Apache was vulnerable to cross site scripting issues. It was shown that malicious HTML tags can be embedded in client web requests if the server or script handling the request does not carefully encode all information displayed to the user. Using these vulnerabilities attackers could, for example...
Apache Httpd < 1.3.11 : Mass virtual hosting security issue
A security problem can occur for sites using mass name-based virtual hosting using the new modvhostalias module or with special modrewrite rules...
CVE-1999-0236
The CVE-1999-0236 entry describes a vulnerability in the ScriptAlias directory handling in NCSA and Apache httpd that allowed attackers to read CGI programs. Affected software is the Apache httpd family utilizing ScriptAlias configuration; the underlying issue is directory handling enabling discl...
CVE-1999-0071
CVE-1999-0071 affects the Apache httpd server prior to 1.1.2 (versions 1.1.1 and earlier) due to a cookie header buffer overflow. The root cause is a vulnerable handling of the HTTP Cookie header (too long name/value) that can cause the server to crash. Some connected sources describe the impact ...