271 matches found
Apache Httpd < 2.0.64 : apr_bridage_split_line DoS
A flaw was found in the aprbrigadesplitline function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service...
Apache Httpd < 2.0.64 : mod_deflate DoS
A denial of service flaw was found in the moddeflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause moddeflate to consume large amounts of CPU...
Apache Httpd < 2.0.61 : mod_cache proxy DoS
A bug was found in the modcache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module...
Apache Httpd < 2.0.47 : Remote DoS with multiple Listen directives
In a server with multiple listening sockets a certain error returned by accept on a rarely access port can cause a temporary denial of service, due to a bug in the prefork MPM...
Apache Httpd < 2.0.44 : Apache can serve unexpected files
On Windows platforms Apache could be forced to serve unexpected files by appending illegal characters such as '' to the request URL...
Apache Httpd < 2.0.36 : Warning messages could be displayed to users
In some cases warning messages could get returned to end users in addition to being recorded in the error log. This could reveal the path to a CGI script for example, a minor security exposure...
Apache Httpd < 2.2.2 : mod_ssl access control DoS
A NULL pointer dereference flaw in modssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This...
Apache Httpd < 2.0.58 : mod_ssl access control DoS
A NULL pointer dereference flaw in modssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This...
Apache Httpd < 2.0.52 : Basic authentication bypass
A flaw in Apache 2.0.51 only broke the merging of the Satisfy directive which could result in access being granted to resources despite any configured authentication...
Apache Httpd < 2.0.51 : SSL connection infinite loop
An issue was discovered in the modssl module in Apache 2.0. A remote attacker who forces an SSL connection to be aborted in a particular state may cause an Apache child process to enter an infinite loop, consuming CPU resources...
Apache Httpd < 2.0.50 : Header parsing memory leak
A memory leak in parsing of HTTP headers which can be triggered remotely may allow a denial of service attack due to excessive memory consumption...
Apache Httpd < 1.3.31 : listening socket starvation
A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect som...
Apache Httpd < 1.3.31 : Error log escape filtering
Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.0.42 : mod_dav crash
A flaw was found in handling of versioning hooks in moddav. An attacker could send a carefully crafted request in such a way to cause the child process handling the connection to crash. This issue will only result in a denial of service where a threaded process model is in use...
Apache Httpd < 2.4.16 : Crash in ErrorDocument 400 handling
A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only...
Apache Httpd < 2.4.12 : mod_proxy_fcgi out-of-bounds memory read
An out-of-bounds memory read was found in modproxyfcgi. A malicious FastCGI server could send a carefully crafted response which could lead to a crash when reading past the end of a heap memory or stack buffer. This issue affects version 2.4.10 only...
Apache Httpd < 2.4.4 : XSS in mod_proxy_balancer
A XSS flaw affected the modproxybalancer manager interface...
Apache Httpd < 1.3.41 : mod_status XSS
A flaw was found in the modstatus module. On sites where modstatus is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available...
Apache Httpd < 2.0.58 : mod_imap Referer Cross-Site Scripting
A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...
Apache Httpd < 2.0.55 : Byterange filter DoS
A flaw in the byterange filter would cause some responses to be buffered into memory. If a server has a dynamic resource such as a CGI script or PHP script which generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading ...
Apache Httpd < 2.0.53 : Memory consumption DoS
An issue was discovered where the field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server the ability to cause Apache children to consume proportional amounts of memory, leading to a denial of...
Apache Httpd < 2.0.45 : Line feed memory leak DoS
Apache 2.0 versions before Apache 2.0.45 had a significant Denial of Service vulnerability. Remote attackers could cause a denial of service memory consumption via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed...
Apache Httpd < 2.0.48 : Local configuration regular expression overflow
By using a regular expression with more than 9 captures a buffer overflow can occur in modalias or modrewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file .htaccess or httpd.conf...
Apache Httpd < 1.3.14 : Mass virtual hosting can display CGI source
A security problem for users of the mass virtual hosting module, modvhostalias, causes the source to a CGI to be sent if the cgi-bin directory is under the document root. However, it is not normal to have your cgi-bin directory under a document root...
Apache Httpd < 2.4.6 : mod_dav crash
Sending a MERGE request against a URI handled by moddavsvn with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV will trigger a segfault...
Apache Httpd < 2.0.65 : error responses can expose cookies
A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...
Apache Httpd < 2.0.64 : mod_isapi module unload flaw
A flaw was found with within modisapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using modisapi, a remote attacker could send a malicious request to trigg...
Apache Httpd < 2.2.6 : mod_cache proxy DoS
A bug was found in the modcache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module...
Apache Httpd < 2.0.55 : Malicious CRL off-by-one
An off-by-one stack overflow was discovered in the modssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list CRL...
Apache Httpd < 2.0.51 : Environment variable expansion flaw
A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user...
Apache Httpd < 2.0.64 : APR apr_palloc heap overflow
A flaw in aprpalloc in the bundled copy of APR could cause heap overflows in programs that try to aprpalloc a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses...
Apache Httpd < 2.0.55 : PCRE overflow
An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within httpd. A local user who has the ability to create .htaccess files could create a maliciously crafted regular expression in such as way that they could gain the privileges of a httpd child...
Apache Httpd < 2.0.53 : mod_disk_cache stores sensitive headers
The experimental moddiskcache module stored client authentication credentials for cached objects such as proxy authentication credentials and Basic Authentication passwords on disk...
Apache Httpd < 1.3.12 : Cross-site scripting can reveal private session information
Apache was vulnerable to cross site scripting issues. It was shown that malicious HTML tags can be embedded in client web requests if the server or script handling the request does not carefully encode all information displayed to the user. Using these vulnerabilities attackers could, for example...
Apache Httpd < 2.0.65 : scoreboard parent DoS
A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly...
Apache Httpd < 1.3.41 : mod_imagemap XSS
A flaw was found in the modimagemap module. On sites where modimagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible...
Apache Httpd < 2.2.6 : mod_proxy crash
A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...
Apache Httpd < 2.0.55 : HTTP Request Spoofing
A flaw occured when using the Apache server as a HTTP proxy. A remote attacker could send a HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, causing Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server ...
Apache Httpd < 1.3.31 : mod_digest nonce checking
moddigest does not properly verify the nonce of a client response by using a AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that moddigest implements an older version of the MD5...
Apache Httpd < 2.0.64 : mod_proxy_ftp FTP command injection
A flaw was found in the modproxyftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server...
Apache Httpd < 1.3.31 : Allow/Deny parsing on big-endian 64-bit platforms
A bug in the parsing of Allow/Deny rules using IP addresses without a netmask on big-endian 64-bit platforms causes the rules to fail to match...
Apache Httpd < 2.0.49 : Error log escape filtering
Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.0.64 : Subrequest handling of request headers (mod_headers)
A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headersin array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as modheaders which may manipulate the inp...
Apache Httpd < 2.0.51 : Malicious SSL proxy can cause crash
An issue was discovered in the modssl module in Apache 2.0.44-2.0.50 which could be triggered if the server is configured to allow proxying to a remote SSL server. A malicious remote SSL server could force an httpd child process to crash by sending a carefully crafted response header. This issue ...
Apache Httpd < 2.0.50 : FakeBasicAuth overflow
A buffer overflow in the modssl FakeBasicAuth code could be exploited by an attacker using a trusted client certificate with a subject DN field which exceeds 6K in length...
Apache Httpd < 2.0.49 : mod_ssl memory leak
A memory leak in modssl allows a remote denial of service attack against an SSL-enabled server by sending plain HTTP requests to the SSL port...
Apache Httpd < 1.3.27 : Buffer overflows in ab utility
Buffer overflows in the benchmarking utility ab could be exploited if ab is run against a malicious server...
Apache Httpd < 1.3.27 : Shared memory permissions lead to local privilege escalation
The permissions of the shared memory used for the scoreboard allows an attacker who can execute under the Apache UID to send a signal to any process as root or cause a local denial of service attack...
Apache Httpd < 2.0.61 : mod_proxy crash
A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...
Apache Httpd < 1.3.14 : Requests can cause directory listing to be displayed on NT
A security hole on Apache for Windows allows a user to view the listing of a directory instead of the default HTML page by sending a carefully constructed request...