Lucene search
K
HttpdMost viewed

271 matches found

Apache Httpd
Apache Httpd
•added 2006/10/19 12:0 a.m.•37 views

Apache Httpd < 2.0.61 : mod_status cross-site scripting

A flaw was found in the modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...

4.3CVSS0.5AI score0.27783EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2005/11/01 12:0 a.m.•37 views

Apache Httpd < 2.2.2 : mod_imap Referer Cross-Site Scripting

A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

4.3CVSS2.5AI score0.73692EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2011/03/02 12:0 a.m.•36 views

Apache Httpd < 2.0.65 : apr_fnmatch flaw leads to mod_autoindex remote DoS

A flaw was found in the aprfnmatch function of the bundled APR library. Where modautoindex is enabled, and a directory indexed by modautoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could b...

4.3CVSS0.7AI score0.30406EPSS
Exploits5Affected Software1
Apache Httpd
Apache Httpd
•added 2009/03/05 12:0 a.m.•36 views

Apache Httpd < 2.2.12 : mod_proxy_ajp information disclosure

An information disclosure flaw was found in modproxyajp in version 2.2.11 only. In certain situations, if a user sent a carefully crafted HTTP request, the server could return a response intended for another user...

5CVSS0.6AI score0.12383EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2008/07/28 12:0 a.m.•36 views

Apache Httpd < 2.0.64 : mod_proxy_ftp globbing XSS

A flaw was found in the handling of wildcards in the path of a FTP URL with modproxyftp. If modproxyftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting XSS attacks...

4.3CVSS0.1AI score0.38953EPSS
Exploits4Affected Software1
Apache Httpd
Apache Httpd
•added 2003/06/25 12:0 a.m.•36 views

Apache Httpd < 2.0.47 : Remote DoS via IPv6 ftp proxy

When a client requests that proxy ftp connect to a ftp server with IPv6 address, and the proxy is unable to create an IPv6 socket, an infinite loop occurs causing a remote Denial of Service...

5CVSS2.6AI score0.09185EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2001/09/18 12:0 a.m.•36 views

Apache Httpd < 1.3.22 : Requests can cause directory listing to be displayed

A vulnerability was found in the Win32 port of Apache 1.3.20. A client submitting a very long URI could cause a directory listing to be returned rather than the default index page...

5CVSS0.5AI score0.06765EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2007/04/26 12:0 a.m.•35 views

Apache Httpd < 2.2.6 : mod_cache information leak

The recallheaders function in modmemcache in Apache 2.2.4 did not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information...

5CVSS2.7AI score0.05141EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2002/12/04 12:0 a.m.•35 views

Apache Httpd < 2.0.44 : MS-DOS device name filtering

On Windows platforms Apache did not correctly filter MS-DOS device names which could lead to denial of service attacks or remote code execution...

7.5CVSS3.4AI score0.15471EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2001/02/28 12:0 a.m.•35 views

Apache Httpd < 1.3.19 : Requests can cause directory listing to be displayed

The default installation can lead modnegotiation and moddir or modautoindex to display a directory listing instead of the multiview index.html file if a very long path was created artificially by using many slashes...

5CVSS1.5AI score0.75238EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2000/10/13 12:0 a.m.•34 views

Apache Httpd < 1.3.14 : Rewrite rules that include references allow access to any file

The Rewrite module, modrewrite, can allow access to any file on the web server. The vulnerability occurs only with certain specific cases of using regular expression references in RewriteRule directives: If the destination of a RewriteRule contains regular expression references then an attacker...

5CVSS3AI score0.34584EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2003/10/03 12:0 a.m.•33 views

Apache Httpd < 2.0.48 : CGI output information leak

A bug in modcgid mishandling of CGI redirect paths can result in CGI output going to the wrong client when a threaded MPM is used...

10CVSS0.8AI score0.11507EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2009/12/18 12:0 a.m.•32 views

Apache Httpd < 2.0.64 : expat DoS

A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document for example through moddav may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...

5CVSS2AI score0.24313EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
•added 2005/11/01 12:0 a.m.•32 views

Apache Httpd < 1.3.35 : mod_imap Referer Cross-Site Scripting

A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

4.3CVSS2.5AI score0.73692EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2003/05/28 12:0 a.m.•32 views

Apache Httpd < 2.0.46 : OS2 device name DoS

Apache on OS2 up to and including Apache 2.0.45 have a Denial of Service vulnerability caused by device names...

5CVSS1.5AI score0.06003EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2002/09/20 12:0 a.m.•32 views

Apache Httpd < 2.0.43 : Error page XSS using wildcard DNS

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header...

6.8CVSS3.9AI score0.94006EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2004/09/12 12:0 a.m.•31 views

Apache Httpd < 2.0.51 : WebDAV remote crash

An issue was discovered in the moddav module which could be triggered for a location where WebDAV authoring access has been configured. A malicious remote client which is authorized to use the LOCK method could force an httpd child process to crash by sending a particular sequence of LOCK request...

5CVSS1.8AI score0.15463EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
•added 2001/05/22 12:0 a.m.•31 views

Apache Httpd < 1.3.20 : Denial of service attack on Win32 and OS2

A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A client submitting a carefully constructed URI could cause a General Protection Fault in a child process, bringing up a message box which would have to be cleared by the operator to resume operation. This vulnerability introduce...

5CVSS1.3AI score0.12006EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2004/02/25 12:0 a.m.•29 views

Apache Httpd < 2.0.49 : listening socket starvation

A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect som...

7.5CVSS2.1AI score0.11549EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 2000/01/21 12:0 a.m.•25 views

Apache Httpd < 1.3.11 : Mass virtual hosting security issue

A security problem can occur for sites using mass name-based virtual hosting using the new modvhostalias module or with special modrewrite rules...

5CVSS0.9AI score0.0531EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
•added 1998/09/23 12:0 a.m.•24 views

Apache Httpd < 1.3.2 : Multiple header Denial of Service vulnerability

A serious problem exists when a client sends a large number of headers with the same header name. Apache uses up memory faster than the amount of memory required to simply store the received data itself. That is, memory use increases faster and faster as more headers are received, rather than...

10CVSS2.7AI score0.06805EPSS
Exploits0Affected Software1
Total number of security vulnerabilities271