CVE-2001-1385
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts...
CVE-2002-0061
Apache HTTP Server on Windows (Win32) is vulnerable in 1.3.x versions prior to 1.3.24 and in 2.0.x versions prior to 2.0.34-beta. The flaw allows remote attackers to execute arbitrary commands by sending shell metacharacters (a pipe |) as arguments to batch (.bat) or .cmd scripts, which reach the shell interpreter (c...
CVE-2002-0392
Affected software: Apache HTTP Server 1.3.x (up to 1.3.24) and 2.0.x (up to 2.0.36). The vulnerability arises from processing chunk-encoded HTTP requests, causing Apache to compute an incorrect size, which can lead to a remote denial of service and, in some reports, potential arbitrary code execu...
CVE-2002-0513
CVE-2002-0513 affects the popper_mod PHP administration script (versions 1.2.1 and earlier). The vulnerability arises because the admin interface relies on Apache .htaccess authentication, enabling remote attackers to gain administrative privileges if the administrator does not configure the scri...
CVE-2002-0653
The CVE-2002-0653 issue is an off-by-one buffer overflow in mod_ssl (Apache) software, triggered by the ssl_compat_directive function via the rewrite_command hook in version 2.8.9 and earlier. This local vulnerability lets attackers with write access to .htaccess files execute arbitrary code as t...
CVE-2002-0658
CVE-2002-0658 affects the OSSP mm library (libmm) prior to 1.2.0. The vulnerability allows the local Apache user to gain privileges via temporary files, potentially through a symlink attack. Debian advisory DSA-137 and OpenVAS entries confirm mm-related remediation guidance and show the vulnerability...
DEBIAN-CVE-2003-0083
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 do not filter terminal escape sequences from their access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerabilit...
CVE-2003-0083
CVE-2003-0083 affects Apache 1.3.x (before 1.3.25) and Apache 2.0.x (before 2.0.46). The issue is that terminal escape sequences are not filtered from access logs, enabling insertion of escape sequences into terminal emulators vulnerable to such sequences. This is a separate vulnerability from CV...
security flaw
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
DEBIAN-CVE-2003-0020
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
security flaw
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...
DSA-188 apache-ssl - several vulnerabilities
Bulletin has no description...
DEBIAN-CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...
CVE-2002-0843
Buffer overflows in the ApacheBench benchmark support program ab.c in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response...
CVE-2002-0839
CVE-2002-0839 affects Apache 1.3.x prior to 1.3.27. The vulnerability stems from the shared memory scoreboard in the HTTP daemon, where a user running as the Apache UID can modify parent[].pid and parent[].last_rtime, enabling the process to receive a SIGUSR1 signal with potential root-level effe...
CVE-2002-0843
CVE-2002-0843 affects Apache httpd’s ApacheBench benchmark tool (ab.c). The description specifies buffer overflows in ab.c that occur in Apache before 1.3.27 and in Apache 2.x before 2.0.43. A malicious web server can trigger a long response to cause a denial of service and potentially execute ar...
Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
source: https://www.securityfocus.com/bid/5847/info Apache is reported to be vulnerable to cross-site scripting attacks. This vulnerability is due to the SSI error pages of the webserver not being properly sanitized of malicious HTML code. Attacker-supplied HTML and script code may be executed on...
Apache stderr DoS
Large CGI application stderr output causes Apache to hang...
CVE-2000-1204
CVE-2000-1204 affects Apache 1.3.9, 1.3.11 and 1.3.12 via the mod_vhost_alias module. The issue allows remote attackers to obtain the source code of CGI programs if the cgi-bin directory is under the document root. Impact is partial confidentiality; no exploitation details are provided in the con...
CVE-2000-1205
CVE-2000-1205 covers cross-site scripting in Apache 1.3.0–1.3.11. The vulnerability allows remote attackers to execute script as other visitors via (1) printenv CGI (printenv.pl) output, (2) error pages generated by ap_send_error_response (e.g., default 404) that omit an explicit charset, or (3) ...