Apache Http Server

330 matches found

CVE
added 2004/11/04 5:0 a.m. | 99 views

CVE-2004-0942

CVE-2004-0942 affects Apache 2.0.52 and earlier. A remote attacker can trigger a denial of service by sending an HTTP GET with a MIME header containing many lines of whitespace, causing CPU/memory consumption. Public references show patches and advisories across platforms (e.g., ALT Linux package...

CVSS 5 | AI score 9 | EPSS 0.55105
Web
CVE
added 2004/03/25 5:0 a.m. | 98 views

CVE-2004-0174

CVE-2004-0174 affects Apache HTTP Server via a denial-of-service condition caused by handling multiple listening sockets. OpenVAS entries describe the vulnerability as applicable to Apache versions older than 2.0.49 or 1.3.31, where a remote attacker can block new connections by targeting a rarel...

CVSS 7.5 | AI score 7.3 | EPSS 0.11549
CVE
added 2007/06/27 5:0 p.m. | 98 views

CVE-2007-1863

CVE-2007-1863 affects the Apache HTTP Server, specifically the mod_cache module. When caching is enabled and using a threaded MPM, a crafted request containing one of the Cache-Control headers (s-maxage, max-age, min-fresh, or max-stale) without a value can crash the Apache child process, causing...

CVSS 5 | AI score 6.2 | EPSS 0.11786
CVE
added 2009/04/23 5:0 p.m. | 97 views

CVE-2009-1191

CVE-2009-1191 affects the Apache HTTP Server, specifically the mod_proxy_ajp component in 2.2.11. The issue allows a remote attacker to obtain sensitive response data intended for a client that sent an earlier POST request with no request body, via a crafted HTTP request. Connected advisories not...

CVSS 5 | AI score 7.2 | EPSS 0.12383
CVE
added 1999/09/29 4:0 a.m. | 96 views

CVE-1999-0289

The CVE-1999-0289 entry concerns the Apache HTTP Server for Win32. Affected component: the Web server handling URLs; issue described as: the server may provide access to restricted files when a "." is appended to a requested URL. The core impact is restricted-file disclosure. Public details acros...

CVSS 5 | AI score 7 | EPSS 0.03612
CVE
added 2005/07/14 4:0 a.m. | 96 views

CVE-2001-1534

CVE-2001-1534 affects Apache with the mod_usertrack module (versions 1.3.11–1.3.20). The vulnerability arises from generating session IDs with predictable information (host IP, system time, server PID), enabling local users to obtain session IDs and bypass authentication when those IDs are used f...

CVSS 2.1 | AI score 6.4 | EPSS 0.00703
CVE
added 2002/08/20 4:0 a.m. | 94 views

CVE-2002-0654

CVE-2002-0654 affects Apache HTTP Server 2.0.x (up to 2.0.39) on Windows, OS/2 and NetWare. The vulnerability allows remote attackers to disclose the server’s full path by triggering errors from (1) a request for a .var file or (2) a failure when invoking a CGI child process, causing error messag...

CVSS 5 | AI score 6.7 | EPSS 0.58676
CVE
added 2004/09/24 4:0 a.m. | 94 views

CVE-2004-0811

Technical details about CVE-2004-0811 are not publicly available in the provided connected documents. Please monitor for updates for affected products, exact vectors, impact, and remediation information.

CVSS 7.5 | AI score 7.5 | EPSS 0.06813
CVE
added 1999/09/29 4:0 a.m. | 93 views

CVE-1999-0045

CVE-1999-0045 concerns an information-disclosure flaw in the nph-test-cgi script used by some web servers, where an unauthenticated attacker can list directory contents. The Nessus plugin (NCDSA HTTPd nph-test-cgi Arbitrary Directory Listing) explains that the issue arises because the script does...

CVSS 7.5 | AI score 6.9 | EPSS 0.26164
CVE
added 2004/09/17 4:0 a.m. | 93 views

CVE-2004-0809

CVE-2004-0809 affects the Apache mod_dav WebDAV module in Apache 2.0.50 and earlier, allowing remote attackers to cause a denial of service (child process crash) via a particular sequence of LOCK requests for locations with WebDAV access. Connected documents in OpenVAS/Tenable references corrobor...

CVSS 5 | AI score 7.2 | EPSS 0.15463
CVE
added 2001/09/12 4:0 a.m. | 91 views

CVE-1999-1053

CVE-1999-1053 relates to the guestbook.pl CGI which sanitizes Server-Side Includes by stripping text between . The provided data confirms a vulnerability where this sanitization is incomplete, allowing remote attackers to execute arbitrary commands when guestbook.pl runs on Apache 1.3.9 and poten...

CVSS 7.5 | AI score 7.7 | EPSS 0.85205
Web
CVE
added 2004/09/01 4:0 a.m. | 91 views

CVE-2003-0016

CVE-2003-0016 refers to the Apache HTTP Server vulnerability where, on Windows 9x/Me, an HTTP request containing MS-DOS device names could remotely cause a denial of service or enable arbitrary code execution. Public sources in the connected documents consistently describe this as a flaw in filte...

CVSS 7.5 | AI score 7.7 | EPSS 0.16008
CVE
added 2004/09/01 4:0 a.m. | 90 views

CVE-2004-0113

CVE-2004-0113 affects Apache httpd with mod_ssl on Apache 2 before 2.0.49. A memory leak in ssl_engine_io.c can be triggered by plain HTTP requests to the SSL port, leading to denial of service via memory consumption. Affected product is Apache HTTP Server with mod_ssl; root cause is a leak in SS...

CVSS 5 | AI score 7.3 | EPSS 0.09898
CVE
added 2005/05/10 4:0 a.m. | 90 views

CVE-2004-1834

The CVE-2004-1834 issue affects mod_disk_cache in Apache 2.0–2.0.49, which stores client headers (including authentication information) on disk, potentially allowing local users to access sensitive data. The provided documents confirm the vulnerability description but do not specify a concrete fi...

CVSS 2.1 | AI score 6.6 | EPSS 0.035
CVE
added 2007/12/21 10:0 p.m. | 88 views

CVE-2007-6514

CVE-2007-6514 affects Apache HTTP Server when run on Linux with a document root on a Windows SMB share mounted via smbfs. The vulnerability arises from a trailing backslash (\) not being handled by the AddType directive, allowing remote attackers to disclose unprocessed contents of PHP files (e.g....

CVSS 4.3 | AI score 6.6 | EPSS 0.38042
CVE
added 2006/10/23 5:0 p.m. | 87 views

CVE-2003-1307

Summary: CVE-2003-1307 affects the mod_php module of the Apache HTTP Server. Vulnerability: Local users with write access to PHP scripts can signal the server’s process group and manipulate server file descriptors, demonstrated by sending a STOP signal and intercepting connections on the server’s...

CVSS 4.3 | AI score 6.4 | EPSS 0.01603
CVE
added 2026/06/08 3:26 p.m. | 87 views

CVE-2026-49975

The CVE-2026-49975 entry describes a memory-allocation vulnerability in Apache HTTP Server's mod_http2 that can cause a denial of service via malicious HTTP requests. Affected products/versions reported across sources include Apache httpd 2.4.17 through 2.4.67. The Debian security trackers confir...

CVSS 7.5 | AI score 5.4 | EPSS 0.01313
CVE
added 2026/05/05 1:10 p.m. | 86 views

CVE-2026-29168

CVE-2026-29168 affects Apache HTTP Server’s mod_md and is due to an Allocation of Resources Without Limits or Throttling via OCSP response data. Affected are Apache httpd versions 2.4.30 through 2.4.66; upgrading to 2.4.67 fixes the issue. The vulnerability description consistently notes this as ...

CVSS 7.3 | AI score 5.8 | EPSS 0.00628
CVE
added 2026/05/04 12:37 p.m. | 85 views

CVE-2026-24072

CVE-2026-24072 is an escalation-of-privilege issue in Apache HTTP Server up to version 2.4.66, where local ".htaccess" authors can read files with the privileges of the httpd user due to a vulnerability in various modules (notably via the ap_expr/mod_rewrite path). The fixed version is 2.4.67. Pr...

CVSS 8.8 | AI score 5.8 | EPSS 0.00654
CVE
added 1999/09/29 4:0 a.m. | 84 views

CVE-1999-0071

CVE-1999-0071 affects the Apache httpd server prior to 1.1.2 (versions 1.1.1 and earlier) due to a cookie header buffer overflow. The root cause is a vulnerable handling of the HTTP Cookie header (too long name/value) that can cause the server to crash. Some connected sources describe the impact ...

CVSS 7.5 | AI score 7.3 | EPSS 0.03571
CVE
added 2004/09/01 4:0 a.m. | 83 views

CVE-2004-0263

Technical details (affected product/version, root cause, impact, and remediation) are not publicly provided in the supplied connected documents. Monitor for updates.

CVSS 5 | AI score 6.5 | EPSS 0.03485
CVE
added 2004/09/17 4:0 a.m. | 83 views

CVE-2004-0786

CVE-2004-0786 concerns a vulnerability in the apr-util IPv6 URI parsing (apr_uri_parse) used by Apache 2.x (APR library) prior to 2.0.50. A crafted IPv6 URL can trigger a denial-of-service in the httpd child process, with remote code execution possible under certain configurations or platforms. A...

CVSS 5 | AI score 7.3 | EPSS 0.21769
CVE
added 2001/01/22 5:0 a.m. | 82 views

CVE-2000-0869

CVE-2000-0869: The default Apache 1.3.12 configuration on SuSE Linux 6.4 enables WebDAV, allowing remote attackers to list arbitrary directories via the PROPFIND method. This results in information disclosure about directory structure. The issue is tied to the WebDAV module being active by defaul...

CVSS 5 | AI score 6.8 | EPSS 0.5095
CVE
added 2002/02/02 5:0 a.m. | 81 views

CVE-2001-0925

The CVE-2001-0925 entry describes a vulnerability in the default installation of Apache prior to 1.3.19 where a crafted HTTP request containing many slashes can cause directory listings (instead of the multiview index) due to mishandling by mod_negotiation, mod_dir, or mod_autoindex. Affected sof...

CVSS 5 | AI score 6.6 | EPSS 0.75238
CVE
added 2002/08/10 4:0 a.m. | 81 views

CVE-2002-0661

Apache HTTP Server 2.0.x up to 2.0.39 on Windows/OS2/Netware is affected by CVE-2002-0661 through a directory traversal flaw. An attacker can use backslash-embedded ... sequences to read arbitrary files and, per sources, potentially execute commands via the vulnerable path. The issue is fixed in ...

CVSS 7.5 | AI score 7 | EPSS 0.69698
CVE
added 2007/06/04 11:0 p.m. | 81 views

CVE-2007-1862

The CVE-2007-1862 issue affects Apache 2.2.4’s mod_mem_cache recall_headers, where not all header levels are copied, potentially causing HTTP responses to include previously used data. This could lead to information disclosure to remote attackers. Connected advisories confirm affected packages an...

CVSS 5 | AI score 6 | EPSS 0.05141
CVE
added 2002/08/31 4:0 a.m. | 78 views

CVE-2000-1205

CVE-2000-1205 covers cross-site scripting in Apache 1.3.0–1.3.11. The vulnerability allows remote attackers to execute script as other visitors via (1) printenv CGI (printenv.pl) output, (2) error pages generated by ap_send_error_response (e.g., default 404) that omit an explicit charset, or (3) ...

CVSS 4.3 | AI score 6.6 | EPSS 0.23456
Web
CVE
added 2002/10/25 4:0 a.m. | 78 views

CVE-2002-1233

CVE-2002-1233 applies to Debian’s apache-ssl packages, where a regression in Apache 1.3.27 and earlier (Debian 2.2 before 1.3.9, Debian 3.0 before 1.3.26) allows local attackers to read or modify the Apache password file via a symlink attack when running htpasswd or htdigest. The issue reintroduc...

CVSS 2.6 | AI score 5.9 | EPSS 0.00564
CVE
added 2004/09/01 4:0 a.m. | 77 views

CVE-1999-1199

The CVE-1999-1199 entry concerns Apache HTTP Server 1.3.1 and earlier. A remote attacker can trigger a denial of service by sending a large number of MIME headers with the same name (the so‑called “sioux” vulnerability). The NVD entry assigns a base score of 10.0 (HIGH) with NETWORK attack vector...

CVSS 10 | AI score 6.9 | EPSS 0.06805
CVE
added 2005/04/27 4:0 a.m. | 77 views

CVE-2002-1658

CVE-2002-1658 describes a buffer overflow in htdigest used by Apache 1.3.26/1.3.27 that may allow arbitrary code execution via a long user argument. The vulnerability is tied to htdigest functionality, with local access as the attack vector and no setuid/setgid context; escalation of privileges i...

CVSS 4.6 | AI score 8.3 | EPSS 0.01054
CVE
added 2004/09/10 4:0 a.m. | 77 views

CVE-2004-0751

Summary (grounded in provided docs): CVE-2004-0751 concerns the Apache httpd mod_ssl module. The issue arises when reverse proxying to an SSL server, where the char_buffer_read function can trigger a remote denial of service via a segmentation fault. Connected documents corroborate the vulnerabil...

CVSS 5 | AI score 7.4 | EPSS 0.69653
CVE
added 2026/05/04 2:44 p.m. | 77 views

CVE-2026-23918

CVE-2026-23918 is a vulnerability in Apache HTTP Server affecting version 2.4.66 with the HTTP/2 protocol, described as a double free and possible remote code execution. The issue may impact confidentiality, integrity, and availability (per the CVSS 3.1 metrics: base score 8.8, high impact). Reme...

CVSS 8.8 | AI score 5.8 | EPSS 0.06759
CVE
added 2001/10/12 4:0 a.m. | 76 views

CVE-2001-0729

CVE-2001-0729 concerns Apache HTTP Server on Windows (Win32) where a bug in Apache 1.3.20 can expose directory contents. The vulnerability arises when a client sends a very long URI composed of many forward slashes, allowing a remote attacker to bypass the default index page and cause directory l...

CVSS 5 | AI score 6.7 | EPSS 0.06765
CVE
added 2003/04/03 5:0 a.m. | 76 views

CVE-2003-0134

CVE-2003-0134 concerns Apache on OS/2 (versions 2.0–2.0.45) with a Denial of Service vulnerability in filestat.c related to device-name handling. Public details indicate the flaw could be triggered by specific requests involving device names, causing the running OS/2 worker process to fault. The ...

CVSS 5 | AI score 6.3 | EPSS 0.06003
CVE
added 2003/07/10 4:0 a.m. | 76 views

CVE-2003-0253

CVE-2003-0253 affects Apache 2.x with the prefork MPM before 2.0.47. A bug in handling accept() errors on rarely accessed ports could cause a temporary denial of service. The available connected documents consistently describe this as a DoS issue tied to the prefork MPM; remediation involves upgr...

CVSS 5 | AI score 6.3 | EPSS 0.09108
CVE
added 2007/06/20 10:0 p.m. | 76 views

CVE-2007-3303

CVE-2007-3303 affects Apache httpd 2.0.59 and 2.2.4 with the Prefork MPM. The described issue arises from certain code sequences executed in a worker process, which can either stop request processing by killing all workers and preventing replacements, or cause the master process to fork an arbitr...

CVSS 4.9 | AI score 6.3 | EPSS 0.0089
CVE
added 2003/07/25 4:0 a.m. | 75 views

CVE-2003-0460

Apache rotatelogs vulnerability CVE-2003-0460 affects Apache 1.3.x before 1.3.28 on Windows/OS/2, where rotatelogs does not ignore certain control characters received over the pipe, potentially allowing remote attackers to cause a denial of service. Documents from NVD and CERT note that this coul...

CVSS 5 | AI score 6.7 | EPSS 0.13429
CVE
added 2005/06/28 4:0 a.m. | 74 views

CVE-2002-1850

The CVE-2002-1850 issue affects Apache’s mod_cgi in versions 2.0.39 and 2.0.40. A CGI script that writes a large amount of data to stderr can trigger a read/write deadlock between httpd and the CGI script, allowing local users and possibly remote attackers to cause a denial of service (hang and m...

CVSS 7.5 | AI score 7.4 | EPSS 0.17408
CVE
added 2003/05/30 4:0 a.m. | 74 views

CVE-2003-0189

CVE-2003-0189 detail (from connected documents): The Apache HTTP Server 2.0.40–2.0.45 on Unix platforms fails to handle thread safety in the apr_password_validate() path when crypt_r/crypt is used, enabling remote attackers to trigger a denial-of-service by breaking Basic Authentication under a t...

CVSS 5 | AI score 6.8 | EPSS 0.15122
CVE
added 2005/08/05 4:0 a.m. | 73 views

CVE-2002-2103

CVE-2002-2103 affects Apache before 1.3.24. When writing to the log file, Apache may record a spoofed hostname from reverse DNS for an IP address, even if a double-reverse lookup fails, allowing remote attackers to hide the original source of activities. The provided documents do not include expl...

CVSS 5 | AI score 6.7 | EPSS 0.06057
CVE
added 2003/07/10 4:0 a.m. | 73 views

CVE-2003-0254

CVE-2003-0254 affects Apache 2.x before 2.0.47. When running on an IPv6 host, the FTP proxy component may fail to create an IPv6 socket, triggering a Denial of Service via an infinite loop. Public advisories reference Apache HTTP Server vulnerabilities and note this can be exploited by remote act...

CVSS 5 | AI score 6.3 | EPSS 0.09185
CVE
added 2004/09/01 4:0 a.m. | 73 views

CVE-2004-0173

CVE-2004-0173 describes a directory traversal vulnerability affecting Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier when run on Cygwin. An attacker can read arbitrary files by requesting a URL containing "..%5C" (dot dot encoded backslash) sequences, enabling partial confidentiality im...

CVSS 5 | AI score 7.1 | EPSS 0.15763
CVE
added 2001/01/22 5:0 a.m. | 72 views

CVE-2000-0868

The CVE-2000-0868 issue affects Apache 1.3.12 on SuSE Linux 6.4 where the default configuration exposes CGI script source code. The vulnerability arises because /cgi-bin/ requests can be rewritten to /cgi-bin-sdb/, which is an Alias of /cgi-bin, enabling remote attackers to disclose source code o...

CVSS 5 | AI score 6.8 | EPSS 0.44717
CVE
added 2005/07/14 4:0 a.m. | 71 views

CVE-2002-2012

CVE-2002-2012 concerns an unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0. The connected documents provide a concrete context: remote attackers could trigger “unexpected results” by sending an HTTP request. The vulnerability impact is described as affecting availabili...

CVSS 5 | AI score 7 | EPSS 0.05997
CVE
added 2004/09/01 4:0 a.m. | 71 views

CVE-2003-0017

Apache HTTP Server on Windows versions older than 2.0.44 is affected by CVE-2003-0017. A crafted HTTP request containing illegal characters (for example, ">") can cause the server to process a different filename and disclose certain files. This vulnerability is a remote-access issue with netwo...

CVSS 5 | AI score 6.6 | EPSS 0.05782
CVE
added 2004/09/10 4:0 a.m. | 71 views

CVE-2004-0748

CVE-2004-0748 affects the Apache HTTP Server with mod_ssl

CVSS 5 | AI score 7.3 | EPSS 0.22307
CVE
added 2005/08/16 4:0 a.m. | 70 views

CVE-2004-2343

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess restrictions defined in httpd.conf with directives like Deny From All by using an ErrorDocument directive. The Red Hat and CVE records confirm this is the same issue; vendor dispute noted that .htaccess applies to extern...

CVSS 7.2 | AI score 6.3 | EPSS 0.00604
CVE
added 2002/08/31 4:0 a.m. | 68 views

CVE-2000-1204

CVE-2000-1204 affects Apache 1.3.9, 1.3.11 and 1.3.12 via the mod_vhost_alias module. The issue allows remote attackers to obtain the source code of CGI programs if the cgi-bin directory is under the document root. Impact is partial confidentiality; no exploitation details are provided in the con...

CVSS 5 | AI score 6.8 | EPSS 0.10515
CVE
added 2002/03/09 5:0 a.m. | 67 views

CVE-2001-0730

CVE-2001-0730 affects Apache 1.3.x by a flaw in the split-logfile support: a crafted HTTP request with a slash in the Host header can cause the server to overwrite any file ending in ".log" on the system. Affected version in public reports centers on Apache 1.3.20 with the ability to write arbitr...

CVSS 5 | AI score 6.7 | EPSS 0.12482
CVE
added 2002/05/03 4:0 a.m. | 67 views

CVE-2002-0257

CVE-2002-0257 affects MakeBid Auction Deluxe 3.30 and is a cross-site scripting vulnerability in Auction Deluxe’s auction.pl. The issue allows remote attackers to read other users’ data via multiple form fields (TITLE, DESCTIT, DESC, searchstring, ALIAS, EMAIL, ADDRESS1-3, PHONE1-4). The NASL ent...

CVSS 7.5 | AI score 6.1 | EPSS 0.0421
Total number of security vulnerabilities: 330