Apache Httpd < 1.3.29 : Local configuration regular expression overflow

By using a regular expression with more than 9 captures a buffer overflow can occur in modalias or modrewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file .htaccess or httpd.conf...

Apache Httpd < 2.0.46 : OS2 device name DoS

Apache on OS2 up to and including Apache 2.0.45 have a Denial of Service vulnerability caused by device names...

Apache Httpd < 2.0.47 : mod_ssl renegotiation issue

A bug in the optional renegotiation code in modssl included with Apache httpd can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used SSLOptions +OptRenegotiate along with verification of client certificates and a change to the cipher suite over the...

Apache Httpd < 1.3.31 : Allow/Deny parsing on big-endian 64-bit platforms

A bug in the parsing of Allow/Deny rules using IP addresses without a netmask on big-endian 64-bit platforms causes the rules to fail to match...

Apache Httpd < 2.0.47 : Remote DoS with multiple Listen directives

In a server with multiple listening sockets a certain error returned by accept on a rarely access port can cause a temporary denial of service, due to a bug in the prefork MPM...

Apache Httpd < 2.0.40 : Path vulnerability

Certain URIs would bypass security and allow users to invoke or access any file depending on the system configuration. Affects Windows, OS2, Netware and Cygwin platforms only...

Apache Httpd < 1.3.20 : Denial of service attack on Win32 and OS2

A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A client submitting a carefully constructed URI could cause a General Protection Fault in a child process, bringing up a message box which would have to be cleared by the operator to resume operation. This vulnerability introduce...

Apache Httpd < 2.0.51 : Environment variable expansion flaw

A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user...

Apache Httpd < 2.0.50 : FakeBasicAuth overflow

A buffer overflow in the modssl FakeBasicAuth code could be exploited by an attacker using a trusted client certificate with a subject DN field which exceeds 6K in length...

Apache Httpd < 1.3.14 : Rewrite rules that include references allow access to any file

The Rewrite module, modrewrite, can allow access to any file on the web server. The vulnerability occurs only with certain specific cases of using regular expression references in RewriteRule directives: If the destination of a RewriteRule contains regular expression references then an attacker...

Apache Httpd < 2.0.43 : CGI scripts source revealed using WebDAV

In Apache 2.0.42 only, for a location where both WebDAV and CGI were enabled, a POST request to a CGI script would reveal the CGI source to a remote user...

Apache Httpd < 1.3.14 : Mass virtual hosting can display CGI source

A security problem for users of the mass virtual hosting module, modvhostalias, causes the source to a CGI to be sent if the cgi-bin directory is under the document root. However, it is not normal to have your cgi-bin directory under a document root...

Apache Httpd < 2.0.64 : expat DoS

A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document for example through moddav may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...

Apache Httpd < 2.2.6 : mod_cache information leak

The recallheaders function in modmemcache in Apache 2.2.4 did not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information...

Apache Httpd < 2.0.53 : mod_disk_cache stores sensitive headers

The experimental moddiskcache module stored client authentication credentials for cached objects such as proxy authentication credentials and Basic Authentication passwords on disk...

Apache Httpd < 2.0.49 : listening socket starvation

A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect som...

Apache Httpd < 2.0.48 : CGI output information leak

A bug in modcgid mishandling of CGI redirect paths can result in CGI output going to the wrong client when a threaded MPM is used...

Apache Httpd < 1.3.24 : Win32 Apache Remote command execution

Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to execute arbitrary commands via parameters passed to batch file CGI scripts...

Apache Httpd < 1.3.28 : RotateLogs DoS

The rotatelogs support program on Win32 and OS/2 would quit logging and exit if it received special control characters such as 0x1A...

Apache Httpd < 1.3.2 : Multiple header Denial of Service vulnerability

A serious problem exists when a client sends a large number of headers with the same header name. Apache uses up memory faster than the amount of memory required to simply store the received data itself. That is, memory use increases faster and faster as more headers are received, rather than...

Apache Httpd < 1.3.11 : Mass virtual hosting security issue

A security problem can occur for sites using mass name-based virtual hosting using the new modvhostalias module or with special modrewrite rules...