77 matches found
CVE-2003-0253
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service...
Low: Red Hat Security Advisory: apache security update for Stronghold
Updated Apache packages are available which fix a security issue by preventing control characters from being written to the error log. The updated packages also include a minor bug fix for mod_proxy. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. T...
CVE-2003-0020
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache 1.3.26
I recently did a very brief and non-exhaustive security audit of Apache 1.3.26, and noticed some small potential bugs in some of the helper programs that come with the distribution. Apache maintainers have been notified, and the most serious of these bugs have been fixed in 1.3.27. I'm sending th...
Apache Host: cross-site scripting
The 404 error message contains the unescaped Host: header of the HTTP request...
Apache 2.0 - Encoded Backslash Directory Traversal
Apache 2.0 - Encoded Backslash Directory Traversal source: https://www.securityfocus.com/bid/5434/info A directory traversal vulnerability exists in Apache versions 2.0.39 and earlier on non-Unix platforms potentially including Apache compiled with CYGWIN. Platforms that may be affected by this...
Moderate: Red Hat Security Advisory: apache security update for Stronghold
The Apache Web server contains a security vulnerability which can be used to launch a denial of service attack, or in some cases, allow remote code execution. Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with "chunked" encoded requests. A...
CVE-2001-1072
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / slash characters into the requested path, which causes the regular expression in the RewriteRule to fail...
htaccess protection bypass in Apache
It's possible for a local user to bypass htaccess protection via a directory symlink...
CVE-2001-1013
Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server...
Important: Red Hat Security Advisory: Updated apache packages available
Updated Apache packages are now available for Red Hat Linux 6.2, 7, 7.1, and 7.2. These packages upgrade the Apache Web server to version 1.3.22, which closes a potential security bug which would present clients with a listing of the contents of a directory instead of the contents of an index fil...
CVE-2001-0766
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters...
[SECURITY] [DSA 021-1] New version of Apache released
Debian Security Advisory DSA-021-1, http://www.debian.org/security/, Martin Schulze, January 26, 2001. Package: apache...
Holes in PHP under Apache
In some cases .htaccess can be bypassed; in addition, disabling PHP on one virtual server can turn it off on all the others and give access to the code...
Hole in Apache-ssl from Trustix
Because of a bug in the installation script, some of the executable files are installed writable...
CVE-1999-1293
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core...