271 matches found
Apache Httpd < 2.0.61 : mod_status cross-site scripting
A flaw was found in the modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...
Apache Httpd < 2.2.2 : mod_imap Referer Cross-Site Scripting
A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...
Apache Httpd < 2.0.65 : apr_fnmatch flaw leads to mod_autoindex remote DoS
A flaw was found in the aprfnmatch function of the bundled APR library. Where modautoindex is enabled, and a directory indexed by modautoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could b...
Apache Httpd < 2.2.12 : mod_proxy_ajp information disclosure
An information disclosure flaw was found in modproxyajp in version 2.2.11 only. In certain situations, if a user sent a carefully crafted HTTP request, the server could return a response intended for another user...
Apache Httpd < 2.0.64 : mod_proxy_ftp globbing XSS
A flaw was found in the handling of wildcards in the path of a FTP URL with modproxyftp. If modproxyftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting XSS attacks...
Apache Httpd < 2.0.47 : Remote DoS via IPv6 ftp proxy
When a client requests that proxy ftp connect to a ftp server with IPv6 address, and the proxy is unable to create an IPv6 socket, an infinite loop occurs causing a remote Denial of Service...
Apache Httpd < 1.3.22 : Requests can cause directory listing to be displayed
A vulnerability was found in the Win32 port of Apache 1.3.20. A client submitting a very long URI could cause a directory listing to be returned rather than the default index page...
Apache Httpd < 2.2.6 : mod_cache information leak
The recallheaders function in modmemcache in Apache 2.2.4 did not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information...
Apache Httpd < 2.0.44 : MS-DOS device name filtering
On Windows platforms Apache did not correctly filter MS-DOS device names which could lead to denial of service attacks or remote code execution...
Apache Httpd < 1.3.19 : Requests can cause directory listing to be displayed
The default installation can lead modnegotiation and moddir or modautoindex to display a directory listing instead of the multiview index.html file if a very long path was created artificially by using many slashes...
Apache Httpd < 1.3.14 : Rewrite rules that include references allow access to any file
The Rewrite module, modrewrite, can allow access to any file on the web server. The vulnerability occurs only with certain specific cases of using regular expression references in RewriteRule directives: If the destination of a RewriteRule contains regular expression references then an attacker...
Apache Httpd < 2.0.48 : CGI output information leak
A bug in modcgid mishandling of CGI redirect paths can result in CGI output going to the wrong client when a threaded MPM is used...
Apache Httpd < 2.0.64 : expat DoS
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document for example through moddav may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...
Apache Httpd < 1.3.35 : mod_imap Referer Cross-Site Scripting
A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...
Apache Httpd < 2.0.46 : OS2 device name DoS
Apache on OS2 up to and including Apache 2.0.45 have a Denial of Service vulnerability caused by device names...
Apache Httpd < 2.0.43 : Error page XSS using wildcard DNS
Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header...
Apache Httpd < 2.0.51 : WebDAV remote crash
An issue was discovered in the moddav module which could be triggered for a location where WebDAV authoring access has been configured. A malicious remote client which is authorized to use the LOCK method could force an httpd child process to crash by sending a particular sequence of LOCK request...
Apache Httpd < 1.3.20 : Denial of service attack on Win32 and OS2
A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A client submitting a carefully constructed URI could cause a General Protection Fault in a child process, bringing up a message box which would have to be cleared by the operator to resume operation. This vulnerability introduce...
Apache Httpd < 2.0.49 : listening socket starvation
A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect som...
Apache Httpd < 1.3.11 : Mass virtual hosting security issue
A security problem can occur for sites using mass name-based virtual hosting using the new modvhostalias module or with special modrewrite rules...
Apache Httpd < 1.3.2 : Multiple header Denial of Service vulnerability
A serious problem exists when a client sends a large number of headers with the same header name. Apache uses up memory faster than the amount of memory required to simply store the received data itself. That is, memory use increases faster and faster as more headers are received, rather than...