271 matches found

Apache Httpd
•added 2004/10/28 12:0 a.m.•37 views

Apache Httpd < 2.0.53 : Memory consumption DoS

An issue was discovered where the field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server the ability to cause Apache children to consume proportional amounts of memory, leading to a denial of...

CVSS 5 | AI score 2.1 | EPSS 0.55105
Exploits 7 | Affected Software 1
•added 2000/02/25 12:0 a.m.•37 views

Apache Httpd < 1.3.12 : Cross-site scripting can reveal private session information

Apache was vulnerable to cross site scripting issues. It was shown that malicious HTML tags can be embedded in client web requests if the server or script handling the request does not carefully encode all information displayed to the user. Using these vulnerabilities attackers could, for example...

CVSS 4.3 | AI score 0.6 | EPSS 0.23456
Exploits 0 | Affected Software 1
•added 2011/12/30 12:0 a.m.•36 views

Apache Httpd < 2.0.65 : scoreboard parent DoS

A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly...

CVSS 4.6 | AI score 0.2 | EPSS 0.02905
Exploits 4 | Affected Software 1
•added 2009/03/09 12:0 a.m.•36 views

Apache Httpd < 2.2.12 : AllowOverride Options handling bypass

A flaw was found in the handling of the "Options" and "AllowOverride" directives. In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended...

CVSS 4.9 | AI score 2.1 | EPSS 0.01955
Exploits 4 | Affected Software 1
•added 2006/12/10 12:0 a.m.•36 views

Apache Httpd < 2.0.61 : mod_proxy crash

A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...

CVSS 5 | AI score 1.5 | EPSS 0.12901
Exploits 0 | Affected Software 1
•added 2003/02/24 12:0 a.m.•36 views

Apache Httpd < 2.0.46 : Filtered escape sequences

Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

CVSS 5 | AI score 1.7 | EPSS 0.17413
Exploits 8 | Affected Software 1
•added 2016/02/02 12:0 a.m.•35 views

Apache Httpd < 2.4.20 : mod_http2: denial of service by thread starvation

By manipulating the flow control windows on streams, a client was able to block server threads for long times, causing starvation of worker threads. Connections could still be opened, but no streams were processed for these. This issue affected HTTP/2 support in 2.4.17 and 2.4.18...

CVSS 5.9 | AI score 1.1 | EPSS 0.15327
Exploits 0 | Affected Software 1
•added 2010/06/09 12:0 a.m.•35 views

Apache Httpd < 2.2.16 : Timeout detection flaw (mod_proxy_http)

An information disclosure flaw was found in mod_proxy_http in versions 2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout conditions, the server could return a response intended for another user. Only Windows, Netware and OS2 operating systems are affected. Only those...

CVSS 5 | AI score 0.9 | EPSS 0.16002
Exploits 2 | Affected Software 1
•added 2009/12/30 12:0 a.m.•35 views

Apache Httpd < 1.3.42 : mod_proxy overflow on 64-bit systems

An incorrect conversion between numeric types flaw was found in the mod_proxy module which affects some 64-bit architecture systems. A malicious HTTP server to which requests are being proxied could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted...

CVSS 6.8 | AI score 3.3 | EPSS 0.43421
Exploits 2 | Affected Software 1
•added 2009/12/09 12:0 a.m.•35 views

Apache Httpd < 2.0.64 : Subrequest handling of request headers (mod_headers)

A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as mod_headers which may manipulate the inp...

CVSS 4.3 | AI score 1.1 | EPSS 0.18443
Exploits 2 | Affected Software 1
•added 2006/10/19 12:0 a.m.•35 views

Apache Httpd < 2.0.61 : mod_status cross-site scripting

A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...

CVSS 4.3 | AI score 0.5 | EPSS 0.27783
Exploits 0 | Affected Software 1
•added 2005/11/01 12:0 a.m.•35 views

Apache Httpd < 2.0.58 : mod_imap Referer Cross-Site Scripting

A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

CVSS 4.3 | AI score 2.5 | EPSS 0.73692
Exploits 0 | Affected Software 1
•added 2004/02/25 12:0 a.m.•35 views

Apache Httpd < 1.3.31 : listening socket starvation

A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect som...

CVSS 7.5 | AI score 2.1 | EPSS 0.11549
Exploits 0 | Affected Software 1
•added 2003/06/25 12:0 a.m.•35 views

Apache Httpd < 2.0.47 : Remote DoS via IPv6 ftp proxy

When a client requests that proxy ftp connect to an FTP server with an IPv6 address, and the proxy is unable to create an IPv6 socket, an infinite loop occurs, causing a remote Denial of Service...

CVSS 5 | AI score 2.6 | EPSS 0.09185
Exploits 0 | Affected Software 1
•added 2003/04/25 12:0 a.m.•35 views

Apache Httpd < 2.0.46 : Basic Authentication DoS

A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used...

CVSS 5 | AI score 5.2 | EPSS 0.15122
Exploits 0 | Affected Software 1
•added 2003/04/09 12:0 a.m.•35 views

Apache Httpd < 2.0.46 : APR remote crash

A vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors...

CVSS 5 | AI score 6.8 | EPSS 0.63456
Exploits 0 | Affected Software 1
•added 2002/09/24 12:0 a.m.•35 views

Apache Httpd < 2.0.42 : mod_dav crash

A flaw was found in handling of versioning hooks in mod_dav. An attacker could send a carefully crafted request in such a way to cause the child process handling the connection to crash. This issue will only result in a denial of service where a threaded process model is in use...

CVSS 5 | AI score 2.1 | EPSS 0.07044
Exploits 0 | Affected Software 1
•added 2002/09/23 12:0 a.m.•35 views

Apache Httpd < 1.3.27 : Buffer overflows in ab utility

Buffer overflows in the benchmarking utility ab could be exploited if ab is run against a malicious server...

CVSS 7.5 | AI score 1.6 | EPSS 0.21421
Exploits 0 | Affected Software 1
•added 2001/09/18 12:0 a.m.•35 views

Apache Httpd < 1.3.22 : Requests can cause directory listing to be displayed

A vulnerability was found in the Win32 port of Apache 1.3.20. A client submitting a very long URI could cause a directory listing to be returned rather than the default index page...

CVSS 5 | AI score 0.5 | EPSS 0.06765
Exploits 0 | Affected Software 1
•added 2015/02/03 12:0 a.m.•34 views

Apache Httpd < 2.4.16 : Crash in ErrorDocument 400 handling

A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only...

CVSS 5 | AI score 8.1 | EPSS 0.14734
Exploits 0 | Affected Software 1
•added 2007/10/23 12:0 a.m.•34 views

Apache Httpd < 1.3.41 : mod_imagemap XSS

A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible...

CVSS 4.3 | AI score 0.1 | EPSS 0.46603
Exploits 1 | Affected Software 1
•added 2005/10/14 12:0 a.m.•34 views

Apache Httpd < 2.0.55 : PCRE overflow

An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within httpd. A local user who has the ability to create .htaccess files could create a maliciously crafted regular expression in such a way that they could gain the privileges of a httpd child...

CVSS 7.5 | AI score 1.3 | EPSS 0.04344
Exploits 0 | Affected Software 1
•added 2000/10/13 12:0 a.m.•34 views

Apache Httpd < 1.3.14 : Requests can cause directory listing to be displayed on NT

A security hole on Apache for Windows allows a user to view the listing of a directory instead of the default HTML page by sending a carefully constructed request...

CVSS 5 | AI score 0.7 | EPSS 0.46653
Exploits 1 | Affected Software 1
•added 2009/08/05 12:0 a.m.•33 views

Apache Httpd < 2.2.14 : Solaris pollset DoS

Faulty error handling was found affecting Solaris pollset support (Event Port backend) caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service...

CVSS 7.5 | AI score 2 | EPSS 0.14173
Exploits 1 | Affected Software 1
•added 2007/05/02 12:0 a.m.•33 views

Apache Httpd < 2.2.6 : mod_cache proxy DoS

A bug was found in the mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module...

CVSS 5 | AI score 1.2 | EPSS 0.11786
Exploits 0 | Affected Software 1
•added 2006/12/10 12:0 a.m.•33 views

Apache Httpd < 2.2.6 : mod_proxy crash

A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...

CVSS 5 | AI score 1.5 | EPSS 0.12901
Exploits 0 | Affected Software 1
•added 2005/11/01 12:0 a.m.•33 views

Apache Httpd < 2.2.2 : mod_imap Referer Cross-Site Scripting

A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

CVSS 4.3 | AI score 2.5 | EPSS 0.73692
Exploits 0 | Affected Software 1
•added 2005/10/14 12:0 a.m.•33 views

Apache Httpd < 2.0.55 : HTTP Request Spoofing

A flaw occurred when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, causing Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server ...

CVSS 4.3 | AI score 0.3 | EPSS 0.20461
Exploits 1 | Affected Software 1
•added 2004/09/18 12:0 a.m.•33 views

Apache Httpd < 2.0.52 : Basic authentication bypass

A flaw in Apache 2.0.51 only broke the merging of the Satisfy directive which could result in access being granted to resources despite any configured authentication...

CVSS 7.5 | AI score 1.6 | EPSS 0.06813
Exploits 1 | Affected Software 1
•added 2002/07/05 12:0 a.m.•33 views

Apache Httpd < 2.0.40 : Path revealing exposures

A path-revealing exposure was present in multiview type map negotiation such as the default error documents where a module would report the full path of the typemapped .var file when multiple documents or no documents could be served. Additionally a path-revealing exposure in cgi/cgid when Apache...

CVSS 5 | AI score 0.1 | EPSS 0.58676
Exploits 0 | Affected Software 1
•added 2001/02/28 12:0 a.m.•33 views

Apache Httpd < 1.3.19 : Requests can cause directory listing to be displayed

The default installation can lead mod_negotiation and mod_dir or mod_autoindex to display a directory listing instead of the multiview index.html file if a very long path was created artificially by using many slashes...

CVSS 5 | AI score 1.5 | EPSS 0.75238
Exploits 1 | Affected Software 1
•added 2014/09/17 12:0 a.m.•32 views

Apache Httpd < 2.4.12 : mod_proxy_fcgi out-of-bounds memory read

An out-of-bounds memory read was found in mod_proxy_fcgi. A malicious FastCGI server could send a carefully crafted response which could lead to a crash when reading past the end of a heap memory or stack buffer. This issue affects version 2.4.10 only...

CVSS 5 | AI score 8.3 | EPSS 0.10499
Exploits 0 | Affected Software 1
•added 2011/03/02 12:0 a.m.•32 views

Apache Httpd < 2.0.65 : apr_fnmatch flaw leads to mod_autoindex remote DoS

A flaw was found in the apr_fnmatch function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could b...

CVSS 4.3 | AI score 0.7 | EPSS 0.30406
Exploits 5 | Affected Software 1
•added 2009/09/03 12:0 a.m.•32 views

Apache Httpd < 2.0.64 : mod_proxy_ftp FTP command injection

A flaw was found in the mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server...

CVSS 5 | AI score 4.9 | EPSS 0.1256
Exploits 2 | Affected Software 1
•added 2008/07/28 12:0 a.m.•32 views

Apache Httpd < 2.0.64 : mod_proxy_ftp globbing XSS

A flaw was found in the handling of wildcards in the path of a FTP URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting (XSS) attacks...

CVSS 4.3 | AI score 0.1 | EPSS 0.38953
Exploits 4 | Affected Software 1
•added 2007/05/02 12:0 a.m.•32 views

Apache Httpd < 2.0.61 : mod_cache proxy DoS

A bug was found in the mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module...

CVSS 5 | AI score 1.2 | EPSS 0.11786
Exploits 0 | Affected Software 1
•added 2004/02/20 12:0 a.m.•32 views

Apache Httpd < 2.0.49 : mod_ssl memory leak

A memory leak in mod_ssl allows a remote denial of service attack against an SSL-enabled server by sending plain HTTP requests to the SSL port...

CVSS 5 | AI score 2.4 | EPSS 0.09898
Exploits 0 | Affected Software 1
•added 2001/11/11 12:0 a.m.•32 views

Apache Httpd < 1.3.27 : Shared memory permissions lead to local privilege escalation

The permissions of the shared memory used for the scoreboard allow an attacker who can execute under the Apache UID to send a signal to any process as root or cause a local denial of service attack...

CVSS 7.2 | AI score 3.4 | EPSS 0.00944
Exploits 0 | Affected Software 1
•added 2001/10/12 12:0 a.m.•32 views

Apache Httpd < 1.3.22 : split-logfile can cause arbitrary log files to be written to

A vulnerability was found in the split-logfile support program. A request with a specially crafted Host: header could allow any file with a .log extension on the system to be written to...

CVSS 5 | AI score 1.3 | EPSS 0.12482
Exploits 0 | Affected Software 1
•added 2009/12/18 12:0 a.m.•31 views

Apache Httpd < 2.2.17 : expat DoS

A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrusted XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...

CVSS 5 | AI score 2 | EPSS 0.24313
Exploits 2 | Affected Software 1
•added 2009/03/05 12:0 a.m.•31 views

Apache Httpd < 2.2.12 : mod_proxy_ajp information disclosure

An information disclosure flaw was found in mod_proxy_ajp in version 2.2.11 only. In certain situations, if a user sent a carefully crafted HTTP request, the server could return a response intended for another user...

CVSS 5 | AI score 0.6 | EPSS 0.12383
Exploits 1 | Affected Software 1
•added 2004/07/07 12:0 a.m.•31 views

Apache Httpd < 2.0.51 : Malicious SSL proxy can cause crash

An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50 which could be triggered if the server is configured to allow proxying to a remote SSL server. A malicious remote SSL server could force an httpd child process to crash by sending a carefully crafted response header. This issue ...

CVSS 5 | AI score 1.3 | EPSS 0.69653
Exploits 0 | Affected Software 1
•added 2003/08/04 12:0 a.m.•31 views

Apache Httpd < 2.0.48 : Local configuration regular expression overflow

By using a regular expression with more than 9 captures a buffer overflow can occur in mod_alias or mod_rewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file (.htaccess or httpd.conf)...

CVSS 7.2 | AI score 1.3 | EPSS 0.1273
Exploits 0 | Affected Software 1
•added 2002/12/04 12:0 a.m.•31 views

Apache Httpd < 2.0.44 : MS-DOS device name filtering

On Windows platforms Apache did not correctly filter MS-DOS device names which could lead to denial of service attacks or remote code execution...

CVSS 7.5 | AI score 3.4 | EPSS 0.16008
Exploits 0 | Affected Software 1
•added 2002/11/15 12:0 a.m.•31 views

Apache Httpd < 2.0.44 : Apache can serve unexpected files

On Windows platforms Apache could be forced to serve unexpected files by appending illegal characters such as '' to the request URL...

CVSS 5 | AI score 2.4 | EPSS 0.05782
Exploits 0 | Affected Software 1
•added 2002/09/20 12:0 a.m.•31 views

Apache Httpd < 2.0.43 : Error page XSS using wildcard DNS

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header...

CVSS 6.8 | AI score 3.9 | EPSS 0.94006
Exploits 0 | Affected Software 1
•added 2002/05/08 12:0 a.m.•31 views

Apache Httpd < 2.0.36 : Warning messages could be displayed to users

In some cases warning messages could get returned to end users in addition to being recorded in the error log. This could reveal the path to a CGI script for example, a minor security exposure...

CVSS 5 | AI score 6.4 | EPSS 0.12458
Exploits 0 | Affected Software 1
•added 2010/07/23 12:0 a.m.•30 views

Apache Httpd < 2.2.10 : Timeout detection flaw (mod_proxy_http)

An information disclosure flaw was found in mod_proxy_http in version 2.2.9 only, on Unix platforms. Under certain timeout conditions, the server could return a response intended for another user. Only those configurations which trigger the use of proxy worker pools are affected. There was no...

CVSS 5 | AI score 1.1 | EPSS 0.08284
Exploits 1 | Affected Software 1
•added 2005/11/01 12:0 a.m.•30 views

Apache Httpd < 1.3.35 : mod_imap Referer Cross-Site Scripting

A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

CVSS 4.3 | AI score 2.5 | EPSS 0.73692
Exploits 0 | Affected Software 1
•added 2004/09/12 12:0 a.m.•30 views

Apache Httpd < 2.0.51 : WebDAV remote crash

An issue was discovered in the mod_dav module which could be triggered for a location where WebDAV authoring access has been configured. A malicious remote client which is authorized to use the LOCK method could force an httpd child process to crash by sending a particular sequence of LOCK request...

CVSS 5 | AI score 1.8 | EPSS 0.15463
Exploits 1 | Affected Software 1
Total number of security vulnerabilities: 271