Apache Httpd < 1.3.39 : Signals to arbitrary processes
The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service...
Apache Httpd < 2.0.61 : Signals to arbitrary processes
The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service...
Input validation
PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, a...
CVE-2006-2330
PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, a...
EUVD-2006-2331
PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, a...
PT-2006-4764 · IBM +3 · IBM HTTP Server +3
Name of the Vulnerable Software and Affected Versions: IBM HTTP Server versions 6.0 through 6.0.2.13; IBM HTTP Server versions 6.1 through 6.1.0.1; Apache HTTP Server versions 1.3 through 1.3.35; Apache HTTP Server versions 2.0 through 2.0.58; Apache HTTP Server versions 2.2 through 2.2.2. Description...
RHEL 4 : php (RHSA-2006:0276)
The remote Red Hat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2006:0276 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The phpinfo PHP function did not properly sanitize...
Fedora Core 4 : httpd-2.0.54-10.3 (2006-052)
This update includes fixes for three security issues in the Apache HTTP Server. A memory leak in the worker MPM could allow remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other...
Moderate: Red Hat Security Advisory: apache security update
Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw in modim...
RHEL 3 / 4 : httpd (RHSA-2006:0159)
Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A memo...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2006:0159 Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server i...
Moderate: Red Hat Security Advisory: httpd security update
Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A memo...
CVE-2005-4814
Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory...
Apache HTTP Server 2.x < 2.0.50 Multiple DoS Vulnerabilities
Apache HTTP Server is prone to multiple denial of service (DoS) vulnerabilities. SPDX-FileCopyrightText: 2004 David Maciejak. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache HTTP Server 'mod_include' Privilege Escalation Vulnerability
The remote web server appears to be running a version of Apache HTTP Server that is older than version 1.3.33. SPDX-FileCopyrightText: 2004 David Maciejak. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Apache HTTP Server UserDir Sensitive Information Disclosure
An information leak occurs on Apache HTTP Server based web servers whenever the UserDir module is enabled. The vulnerability allows an external attacker to enumerate existing accounts by requesting access to their home directory and monitoring the response. SPDX-FileCopyrightText: 2001 SecuriTeam...
Apache HTTP Server Error Log Escape Sequence Injection Vulnerability
Apache HTTP Server allows the injection of arbitrary escape sequences into its error logs. SPDX-FileCopyrightText: 2004 George A. Theall. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Apache HTTP Server Remote Command Execution via .bat files
The Apache HTTP Server 2.0.x Win32 installation is shipped with a default script, /cgi-bin/test-cgi.bat, that allows an attacker to execute commands on the Apache server, although it is reported that any .bat file could open this vulnerability. SPDX-FileCopyrightText: 2002 Matt Moore. Some text...
Apache HTTP Server Connection Blocking Denial of Service Vulnerability
The remote web server appears to be running a version of Apache HTTP Server that is less than 2.0.49 or 1.3.31. These versions are vulnerable to a denial of service attack where a remote attacker can block new connections to the server by connecting to a listening socket on a rarely accessed port...
Apache HTTP Server Multiple '/' Vulnerability - Active Check
Certain versions of Apache HTTP Server for Win32 have a bug wherein remote users can list directory entries. SPDX-FileCopyrightText: 2000 John Lampe. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...