8064 matches found
CVE-2001-0766
CVE-2001-0766 affects Apache on MacOS X Client 10.0.3 with HFS+; a case-insensitive filesystem leads to bypassing URL-based access filters. The root cause is that Apache’s file access protection assumes a case-sensitive FS, so URLs with mixed case can bypass / restrictions, potentially exposing p...
CVE-2001-0108
The CVE-2001-0108 issue affects the PHP 4.x Apache module, including versions up to 4.0.4, where a malformed HTTP request can cause PHP to apply access controls from .htaccess on the next requested page, effectively bypassing restrictions. Connected advisories (Mandrake MDKSA-2001:013 and Debian ...
CVE-1999-1293
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core...
CVE-2001-1013
Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server...
CVE-1999-0926
Technical details beyond the minimal description are not publicly provided in the supplied documents. Monitor for updates on affected products, versions, and fixes.
CVE-2001-1072
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / slash characters into the requested path, which causes the regular expression in the RewriteRule to fail...
Apache mod_info /server-info Information Disclosure
A remote unauthenticated attacker can obtain an overview of the remote Apache web server's configuration by requesting the URL '/server-info'. This overview includes information such as installed modules, their configuration, and assorted run-time settings. © Tenable Network Security, Inc...
CVE-2001-0131
CVE-2001-0131 is linked in Debian/OpenVAS advisories (e.g., DSA 021-1/188, OpenVAS entries) and references Apache components, but the connected documents do not provide a detailed technical description of the root cause or explicit fixes beyond noting the vulnerability and CVSS scores. The Debian/O...
CVE-2000-0913
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression...
EUVD-2000-0856
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method...
CVE-2000-0869
CVE-2000-0869: The default Apache 1.3.12 configuration on SuSE Linux 6.4 enables WebDAV, allowing remote attackers to list arbitrary directories via the PROPFIND method. This results in information disclosure about directory structure. The issue is tied to the WebDAV module being active by defaul...
CVE-2000-0883
The CVE-2000-0883 entry concerns Mandrake Linux mod_perl on Apache where the default mod_perl configuration (Mandrake 6.1–7.1) sets the /perl/ directory to be browseable, allowing remote listing of that directory. The vulnerability arises from an insecure Options directive that permits directory ...
CVE-2000-0913
The CVE-2000-0913 issue affects the Apache web server module mod_rewrite. It enables a remote attacker to read arbitrary files when a RewriteRule directive expands to a filename containing a regular expression, as described for Apache 1.3.12 and earlier. Connected sources corroborate that this is...
CVE-2000-1016
The CVE-2000-1016 entry concerns the default Apache httpd.conf alias on SuSE 6.4 that exposes /usr/doc via /doc/packages, enabling remote read of package documentation and system configuration information. The vulnerability is an information disclosure in the web server configuration, with the af...
CVE-2000-0868
The CVE-2000-0868 issue affects Apache 1.3.12 on SuSE Linux 6.4 where the default configuration exposes CGI script source code. The vulnerability arises because /cgi-bin/ requests can be rewritten to /cgi-bin-sdb/, which is an Alias of /cgi-bin, enabling remote attackers to disclose source code o...
CVE-2000-0505
The CVE-2000-0505 entry concerns the Apache HTTP Server on Windows (Win32) in the 1.3.x line. The vulnerability allows remote attackers to list directory contents by issuing a URL containing a large sequence of forward slashes, which triggers directory listing of the web root as configured in htt...
CVE-2000-0628
The CVE-2000-0628 entry concerns Apache::ASP 1.93 and earlier, where the source.asp example script in the Apache ASP module allows remote attackers to modify files. The vulnerability pertains to the source.asp file (/site/eg/source.asp in exposed deployments) which comes with the Apache::ASP ...
CVE-2000-0760
Affected software: Jakarta Tomcat 3.0 and 3.1 under Apache. Vulnerability: The Snoop servlet exposes sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension, leading to information disclosure. Root cause / details: Information disclosure vulnerability ...
CVE-2000-0759
The CVE-2000-0759 entry concerns Jakarta Tomcat 3.1 running under Apache, where requesting a nonexistent URL causes an error page that reveals the full physical path of the webroot. Root cause: information disclosure via error handling that leaks filesystem paths, enabling an attacker to map the ...
CVE-1999-0678
CVE-1999-0678 affects the Apache server configured on Debian GNU/Linux where the default ServerRoot is /usr/doc. This misconfiguration allows remote users to read documentation files for the entire server via the web interface. The issue is caused by serving the /usr/doc directory as part of the ...