Apache Httpd < 1.3.39 : Signals to arbitrary processes

The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service...

Apache Httpd < 1.3.35 : Expect header Cross-Site Scripting

A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header which can trigger this flaw. Not marke...

Apache Httpd < 2.0.58 : mod_ssl access control DoS

A NULL pointer dereference flaw in modssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This...

Apache Httpd < 2.2.2 : mod_ssl access control DoS

A NULL pointer dereference flaw in modssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This...

Apache Httpd < 2.2.2 : mod_imap Referer Cross-Site Scripting

A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

Apache Httpd < 2.0.58 : mod_imap Referer Cross-Site Scripting

A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

Apache Httpd < 1.3.35 : mod_imap Referer Cross-Site Scripting

A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

Apache Httpd < 2.0.55 : Worker MPM memory leak

A memory leak in the worker MPM would allow remote attackers to cause a denial of service memory consumption via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. This issue was downgraded in severity to low from moderate as sucessful...

Apache Httpd < 2.0.55 : PCRE overflow

An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within httpd. A local user who has the ability to create .htaccess files could create a maliciously crafted regular expression in such as way that they could gain the privileges of a httpd child...

Apache Httpd < 2.0.55 : HTTP Request Spoofing

A flaw occured when using the Apache server as a HTTP proxy. A remote attacker could send a HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, causing Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server ...

Apache Httpd < 2.0.55 : Malicious CRL off-by-one

An off-by-one stack overflow was discovered in the modssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list CRL...

Apache Httpd < 2.0.55 : SSLVerifyClient bypass

A flaw in the modssl handling of the "SSLVerifyClient" directive. This flaw would occur if a virtual host has been configured using "SSLVerifyClient optional" and further a directive "SSLVerifyClient required" is set for a specific location. For servers configured in this fashion, an attacker may...

Apache Httpd < 2.0.55 : Byterange filter DoS

A flaw in the byterange filter would cause some responses to be buffered into memory. If a server has a dynamic resource such as a CGI script or PHP script which generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading ...

Apache Httpd < 2.0.53 : Memory consumption DoS

An issue was discovered where the field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server the ability to cause Apache children to consume proportional amounts of memory, leading to a denial of...

Apache Httpd < 1.3.33 : mod_include overflow

A buffer overflow in modinclude could allow a local user who is authorised to create server side include SSI files to gain the privileges of a httpd child...

Apache Httpd < 2.0.53 : SSLCipherSuite bypass

An issue has been discovered in the modssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any...

Apache Httpd < 2.0.52 : Basic authentication bypass

A flaw in Apache 2.0.51 only broke the merging of the Satisfy directive which could result in access being granted to resources despite any configured authentication...

Apache Httpd < 2.0.51 : WebDAV remote crash

An issue was discovered in the moddav module which could be triggered for a location where WebDAV authoring access has been configured. A malicious remote client which is authorized to use the LOCK method could force an httpd child process to crash by sending a particular sequence of LOCK request...

Apache Httpd < 2.0.51 : IPv6 URI parsing heap overflow

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...

Apache Httpd < 2.0.51 : Environment variable expansion flaw

A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user...

Apache Httpd < 2.0.51 : Malicious SSL proxy can cause crash

An issue was discovered in the modssl module in Apache 2.0.44-2.0.50 which could be triggered if the server is configured to allow proxying to a remote SSL server. A malicious remote SSL server could force an httpd child process to crash by sending a carefully crafted response header. This issue ...

Apache Httpd < 2.0.51 : SSL connection infinite loop

An issue was discovered in the modssl module in Apache 2.0. A remote attacker who forces an SSL connection to be aborted in a particular state may cause an Apache child process to enter an infinite loop, consuming CPU resources...

Apache Httpd < 2.0.50 : FakeBasicAuth overflow

A buffer overflow in the modssl FakeBasicAuth code could be exploited by an attacker using a trusted client certificate with a subject DN field which exceeds 6K in length...

Apache Httpd < 2.0.50 : Header parsing memory leak

A memory leak in parsing of HTTP headers which can be triggered remotely may allow a denial of service attack due to excessive memory consumption...

Apache Httpd < 2.0.45 : Line feed memory leak DoS

Apache 2.0 versions before Apache 2.0.45 had a significant Denial of Service vulnerability. Remote attackers could cause a denial of service memory consumption via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed...

Apache Httpd < 2.0.53 : mod_disk_cache stores sensitive headers

The experimental moddiskcache module stored client authentication credentials for cached objects such as proxy authentication credentials and Basic Authentication passwords on disk...

Apache Httpd < 1.3.31 : listening socket starvation

A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect som...

Apache Httpd < 2.0.49 : listening socket starvation

A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect som...

Apache Httpd < 2.0.49 : mod_ssl memory leak

A memory leak in modssl allows a remote denial of service attack against an SSL-enabled server by sending plain HTTP requests to the SSL port...

Apache Httpd < 1.3.31 : mod_digest nonce checking

moddigest does not properly verify the nonce of a client response by using a AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that moddigest implements an older version of the MD5...

Apache Httpd < 1.3.31 : Allow/Deny parsing on big-endian 64-bit platforms

A bug in the parsing of Allow/Deny rules using IP addresses without a netmask on big-endian 64-bit platforms causes the rules to fail to match...

Apache Httpd < 2.0.48 : CGI output information leak

A bug in modcgid mishandling of CGI redirect paths can result in CGI output going to the wrong client when a threaded MPM is used...

Apache Httpd < 2.0.48 : Local configuration regular expression overflow

By using a regular expression with more than 9 captures a buffer overflow can occur in modalias or modrewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file .htaccess or httpd.conf...

Apache Httpd < 1.3.29 : Local configuration regular expression overflow

By using a regular expression with more than 9 captures a buffer overflow can occur in modalias or modrewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file .htaccess or httpd.conf...

Apache Httpd < 1.3.28 : RotateLogs DoS

The rotatelogs support program on Win32 and OS/2 would quit logging and exit if it received special control characters such as 0x1A...

Apache Httpd < 2.0.47 : Remote DoS with multiple Listen directives

In a server with multiple listening sockets a certain error returned by accept on a rarely access port can cause a temporary denial of service, due to a bug in the prefork MPM...

Apache Httpd < 2.0.47 : Remote DoS via IPv6 ftp proxy

When a client requests that proxy ftp connect to a ftp server with IPv6 address, and the proxy is unable to create an IPv6 socket, an infinite loop occurs causing a remote Denial of Service...

Apache Httpd < 1.3.32 : mod_proxy buffer overflow

A buffer overflow was found in the Apache proxy module, modproxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue an attacker would need to get an Apache installation that was configured as a proxy to connect to a malicious site. This would cau...

Apache Httpd < 2.0.46 : OS2 device name DoS

Apache on OS2 up to and including Apache 2.0.45 have a Denial of Service vulnerability caused by device names...

Apache Httpd < 2.0.47 : mod_ssl renegotiation issue

A bug in the optional renegotiation code in modssl included with Apache httpd can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used SSLOptions +OptRenegotiate along with verification of client certificates and a change to the cipher suite over the...

Apache Httpd < 2.0.46 : Basic Authentication DoS

A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used...

Apache Httpd < 2.0.46 : APR remote crash

A vulnerability in the aprpsprintf function in the Apache Portable Runtime APR library allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via long strings, as demonstrated using XML objects to moddav, and possibly other vectors...

Apache Httpd < 2.0.46 : Filtered escape sequences

Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

Apache Httpd < 1.3.26 : Filtered escape sequences

Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

Apache Httpd < 1.3.31 : Error log escape filtering

Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

Apache Httpd < 2.0.49 : Error log escape filtering

Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

Apache Httpd < 2.0.44 : MS-DOS device name filtering

On Windows platforms Apache did not correctly filter MS-DOS device names which could lead to denial of service attacks or remote code execution...

Apache Httpd < 2.0.44 : Apache can serve unexpected files

On Windows platforms Apache could be forced to serve unexpected files by appending illegal characters such as '' to the request URL...

Apache Httpd < 2.0.43 : CGI scripts source revealed using WebDAV

In Apache 2.0.42 only, for a location where both WebDAV and CGI were enabled, a POST request to a CGI script would reveal the CGI source to a remote user...

Apache Httpd < 2.0.42 : mod_dav crash

A flaw was found in handling of versioning hooks in moddav. An attacker could send a carefully crafted request in such a way to cause the child process handling the connection to crash. This issue will only result in a denial of service where a threaded process model is in use...