CVE-2003-0020
CVE-2003-0020 concerns Apache HTTP Server: the product does not filter terminal escape sequences from error logs, enabling potential insertion of escape sequences into terminal emulators vulnerable to such sequences. Connected documents show multiple related CVEs affecting different Apache branch...
CVE-2002-0840
CVE-2002-0840 is a cross-site scripting (XSS) vulnerability in the default error page of Apache. It affects Apache 2.0 before 2.0.43 and 1.3.x up to 1.3.26, when UseCanonicalName is set to off and wildcard DNS is supported. An attacker can inject script via the Host header to execute in other vis...
CVE-2002-1156
CVE-2002-1156 affects Apache 2.0.42. The vulnerability allows remote attackers to view the source of a CGI script via a POST to a directory where both WebDAV and CGI are enabled. This yields partial confidentiality impact per the NVD metrics (CVSS v2: AV:N/AC:L/Au:N/C:P/I:N/A:N; base score 5.0). ...
CVE-2002-1157
CVE-2002-1157 describes a Cross-site scripting vulnerability in the Apache mod_ssl module (versions 2.8.9 and earlier). The issue occurs when UseCanonicalName is Off and wildcard DNS is enabled, allowing a remote attacker to cause the server name in an HTTPS response to be used in a self-referenc...
CVE-2003-0993
CVE-2003-0993 concerns Apache 1.3.x mod_access on big-endian 64-bit systems. The issue arises because Allow/Deny rules that specify IP addresses without a netmask are not parsed correctly, potentially allowing remote attackers to bypass access restrictions. Multiple OpenVAS entries and vendor adv...
GLSA-200401-03 : Apache mod_python Denial of Service vulnerability
The remote host is affected by the vulnerability described in GLSA-200401-03 (Apache mod_python Denial of Service vulnerability). The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the...
Apache Input Header Folding Remote DoS
Apache mod_frontpage < 1.6.1 Remote Overflow
Mandrake Linux Security Advisory : apache (MDKSA-2004:065)
A buffer overflow vulnerability was found by George Guninski in Apache's mod_proxy module, which can be exploited by a remote user to potentially execute arbitrary code with the privileges of an httpd child process (user apache). This can only be exploited, however, if mod_proxy is actually in use. I...
CVE-2004-0700
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function...
CVE-2004-0700
CVE-2004-0700 describes a format-string vulnerability in the mod_ssl component (ssl_engine_log.c) of Apache’s mod_ssl. Affects Apache before 1.3.31 with mod_ssl up to version 2.8.19; remote attackers could use format specifiers in HTTPS log messages processed by ssl_log to potentially execute arb...
apache13-modssl -- format string vulnerability in proxy support
An OpenPKG Security Advisory reports: Triggered by a report to Packet Storm from Virulent, a format string vulnerability was found in mod_ssl, the Apache SSL/TLS interface to OpenSSL, version up to and including 2.8.18 for Apache 1.3. The mod_ssl in Apache 2.x is not affected. The vulnerability coul...
FreeBSD : ModSecurity for Apache 2.x remote off-by-one overflow (113)
The following package needs to be updated: modsecurity. This script has been deprecated by freebsdpkgc2e1036877ab11d8b9e800e04ccb0a62.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26)
The remote host is missing Security Update 2004-01-26. This security update includes the following components: Apache 1.3, Classic, Mail, Safari, Windows File Sharing. For MacOS 10.1.5, it only includes the following: Mail. This update contains various fixes which may allow an attacker to...
RHEL 2.1 : apache (RHSA-2003:244)
Updated Apache and mod_ssl packages that fix several minor security issues are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in mod_ssl which can...
FreeBSD : Apache 2 mod_ssl denial-of-service (12)
The following package needs to be updated: apache. This script has been deprecated by freebsdpkg492f889670fa11d8873f0020ed76ef5a.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
CVE-2004-0493
The CVE-2004-0493 entry relates to Apache httpd 2.0.x prior to 2.0.50, where long MIME header lines with excessive spaces/tabs can cause memory exhaustion and, on 64-bit systems, a potential heap-based buffer overflow. Connected advisories confirm DoS concerns across Apache 2.0.x and related modu...
CVE-2004-0492
Apache mod_proxy vulnerability CVE-2004-0492 is a heap-based overflow in proxy_util.c affecting Apache 1.3.25–1.3.31. A remote attacker can trigger a denial of service (process crash) and possibly execute arbitrary code by sending a negative Content-Length header, causing excessive data copy. The...
CVE-2004-0529
The CVE-2004-0529 entries describe a local-privilege escalation in cPanel’s patched suexec when configured for mod_php and built for Apache 1.3.31 and earlier without mod_phpsuexec. The affected component is the modified suexec binary used with Apache+cPanel, which permits local users to execute ...
CVE-2004-0490
CVE-2004-0490 affects cPanel when compiling Apache 1.3.29 with mod_phpsuexec; it does not set --enable-discard-path, so PHP uses SCRIPT_FILENAME instead of PATH_TRANSLATED, enabling local users to run the attacker’s script with the user’s privileges. This is a local vulnerability with complete co...