Lucene search: Apache HTTP Server

330 matches found

CVE | added 2004/09/01 4:00 a.m. | 72 views

CVE-2003-0017

Apache HTTP Server on Windows versions older than 2.0.44 is affected by CVE-2003-0017. A crafted HTTP request containing illegal characters (for example, ">") can cause the server to process a different filename and disclose certain files. This vulnerability is a remote-access issue with netwo...

CVSS 5 | AI score 6.6 | EPSS 0.05782

CVE | added 2004/09/10 4:00 a.m. | 72 views

CVE-2004-0748

CVE-2004-0748 affects the Apache HTTP Server with mod_ssl

CVSS 5 | AI score 7.3 | EPSS 0.22307

CVE | added 2005/08/16 4:00 a.m. | 71 views

CVE-2004-2343

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess restrictions defined in httpd.conf with directives like Deny From All by using an ErrorDocument directive. The Red Hat and CVE records confirm this is the same issue; vendor dispute noted that .htaccess applies to extern...

CVSS 7.2 | AI score 6.3 | EPSS 0.00604

CVE | added 2002/03/09 5:00 a.m. | 70 views

CVE-2001-0730

CVE-2001-0730 affects Apache 1.3.x by a flaw in the split-logfile support: a crafted HTTP request with a slash in the Host header can cause the server to overwrite any file ending in ".log" on the system. Affected version in public reports centers on Apache 1.3.20 with the ability to write arbitr...

CVSS 5 | AI score 6.7 | EPSS 0.11922

CVE | added 2026/05/04 2:48 p.m. | 70 views

CVE-2026-29169

CVE-2026-29169: A NULL pointer dereference in mod_dav_lock of Apache HTTP Server 2.4.66 and earlier can crash the server when handling a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs; the only known use-case was with mod_dav_svn from Apache Subversion (earlier t...

CVSS 7.5 | AI score 5.8 | EPSS 0.00594

CVE | added 2002/08/31 4:00 a.m. | 69 views

CVE-2000-1204

CVE-2000-1204 affects Apache 1.3.9, 1.3.11 and 1.3.12 via the mod_vhost_alias module. The issue allows remote attackers to obtain the source code of CGI programs if the cgi-bin directory is under the document root. Impact is partial confidentiality; no exploitation details are provided in the con...

CVSS 5 | AI score 6.8 | EPSS 0.10515

CVE | added 2002/05/03 4:00 a.m. | 69 views

CVE-2002-0257

CVE-2002-0257 affects MakeBid Auction Deluxe 3.30 and is a cross-site scripting vulnerability in Auction Deluxe’s auction.pl. The issue allows remote attackers to read other users’ data via multiple form fields (TITLE, DESCTIT, DESC, searchstring, ALIAS, EMAIL, ADDRESS1-3, PHONE1-4). The NASL ent...

CVSS 7.5 | AI score 6.1 | EPSS 0.0421

CVE | added 2001/01/22 5:00 a.m. | 68 views

CVE-2000-0913

The CVE-2000-0913 issue affects the Apache web server module mod_rewrite. It enables a remote attacker to read arbitrary files when a RewriteRule directive expands to a filename containing a regular expression, as described for Apache 1.3.12 and earlier. Connected sources corroborate that this is...

CVSS 5 | AI score 6.7 | EPSS 0.34584

CVE | added 2004/09/01 4:00 a.m. | 68 views

CVE-2002-1156

CVE-2002-1156 affects Apache 2.0.42. The vulnerability allows remote attackers to view the source of a CGI script via a POST to a directory where both WebDAV and CGI are enabled. This yields partial confidentiality impact per the NVD metrics (CVSS v2: AV:N/AC:L/Au:N/C:P/I:N/A:N; base score 5.0). ...

CVSS 5 | AI score 6.4 | EPSS 0.1346

CVE | added 2010/02/05 10:13 p.m. | 68 views

CVE-2003-1580

The CVE-2003-1580 issue affects Apache HTTP Server 2.0.44 when DNS resolution is enabled for client IPs. The vulnerability arises from a logging format that does not indicate whether a dotted-quad IP address is unresolved, which can allow remote attackers to spoof IP addresses by sending crafted ...

CVSS 4.3 | AI score 6.8 | EPSS 0.03709

CVE | added 2010/02/05 10:13 p.m. | 68 views

CVE-2003-1581

CVE-2003-1581 affects Apache HTTP Server 2.0.44: when DNS resolution is enabled for client IPs, remote attackers can inject arbitrary text into log files via an HTTP request paired with a crafted DNS response, demonstrated as XSS sequences (Inverse Lookup Log Corruption). The connected sources co...

CVSS 2.6 | AI score 6.2 | EPSS 0.0308

CVE | added 2001/10/12 4:00 a.m. | 67 views

CVE-2001-0766

CVE-2001-0766 affects Apache on MacOS X Client 10.0.3 with HFS+; a case-insensitive filesystem leads to bypassing URL-based access filters. The root cause is that Apache’s file access protection assumes a case-sensitive FS, so URLs with mixed case can bypass / restrictions, potentially exposing p...

CVSS 9.8 | AI score 9.4 | EPSS 0.08856

CVE | added 2026/06/08 3:16 p.m. | 67 views

CVE-2026-43951

CVE-2026-43951: Out-of-bounds read in Apache HTTP Server affecting mod_headers and mod_mime across multiple response languages. Affected versions: 2.4.0–2.4.67. The vulnerability is described in enrichment as an out-of-bounds read in the merge_response_headers path, which can lead to a crash. No...

CVSS 6.5 | AI score 5.5 | EPSS 0.00525

CVE | added 2001/09/12 4:00 a.m. | 66 views

CVE-1999-0926

Technical details beyond the minimal description are not publicly provided in the supplied documents. Monitor for updates on affected products, versions, and fixes.

CVSS 10 | AI score 7 | EPSS 0.09449

CVE | added 2001/09/12 4:00 a.m. | 66 views

CVE-1999-1293

CVE-1999-1293 concerns Apache’s mod_proxy in version 1.2.5 and earlier. The vulnerability allows remote attackers to trigger a denial of service by sending malformed FTP commands, which causes Apache to dump core. The available public description states the impact as a complete denial of service ...

CVSS 10 | AI score 7 | EPSS 0.04025

CVE | added 2005/03/13 5:00 a.m. | 66 views

CVE-2002-1592

CVE-2002-1592 affects Apache HTTP Server 2.0 through 2.0.35. When a CGI application encounters an error, ap_log_rerror may send error messages to the client that include the server’s full path, enabling information disclosure. The provided sources confirm the affected range and the leakage of int...

CVSS 5 | AI score 6.5 | EPSS 0.12458

CVE | added 2005/03/13 5:00 a.m. | 65 views

CVE-2002-1593

CVE-2002-1593 affects the Apache httpd mod_dav component prior to version 2.0.42. The issue arises from improper handling of versioning hooks, which can trigger a null dereference in a child process and cause denial of service (CPU consumption) in a preforked multi-processing module. The risk is ...

CVSS 5 | AI score 6.6 | EPSS 0.07044

CVE | added 2002/06/25 4:00 a.m. | 64 views

CVE-2001-1072

CVE-2001-1072 affects Apache with mod_rewrite enabled on UNIX systems. The vulnerability arises when an attacker can insert extra / characters into the requested path, causing the RewriteRule’s regular expression to fail and allowing the path to bypass RewriteRules. The affected component is mod_...

CVSS 5 | AI score 7.1 | EPSS 0.04313

CVE | added 2002/05/03 4:00 a.m. | 64 views

CVE-2002-0249

CVE-2002-0249 affects PHP for Windows when used as a standalone CGI module on Apache 2.0.28 beta, where a crafted request with malformed arguments can disclose the physical path to php.exe in error messages. Affects PHP for Windows running under Apache CGI; the issue stems from error handling tha...

CVSS 5 | AI score 6.4 | EPSS 0.07558

CVE | added 2002/08/31 4:00 a.m. | 63 views

CVE-2000-1206

CVE-2000-1206 describes a vulnerability in Apache httpd prior to 1.3.11 where mass virtual hosting using mod_rewrite or mod_vhost_alias (in Apache 1.3.9) can allow remote attackers to retrieve arbitrary files. The affected component is the httpd web server and its name-based hosting configuration...

CVSS 5 | AI score 6.9 | EPSS 0.0531

CVE | added 2026/06/08 3:20 p.m. | 63 views

CVE-2026-34355

CVE-2026-34355: A buffer overflow in Apache HTTP Server’s mod_proxy_html (affecting 2.4.67 and earlier) can be exploited by an untrusted backend. The advisory indicates that upgrading to 2.4.68 fixes the issue. Documented impact is a network‑accessible overflow with high severity (CVSS v3.1: 7.5...

CVSS 7.5 | AI score 5.7 | EPSS 0.00687

CVE | added 2005/04/21 4:00 a.m. | 62 views

CVE-2001-1449

The CVE-2001-1449 issue affects Apache

CVSS 7.5 | AI score 6.8 | EPSS 0.07805

CVE | added 2002/06/25 4:00 a.m. | 58 views

CVE-2001-1342

Apache httpd before 1.3.20 on Windows and OS/2 is vulnerable to a denial-of-service via a crafted URI containing many slashes or other characters, which causes dereferencing of a NULL pointer in certain functions. The issue leads to a General Protection Fault in a child process when handling the ...

CVSS 5 | AI score 6.8 | EPSS 0.12006

CVE | added 2000/02/04 5:00 a.m. | 57 views

CVE-1999-0107

CVE-1999-0107 is a buffer overflow in Apache 1.2.5 and earlier that allows a remote attacker to cause a denial of service by issuing a high volume of GET requests containing a large number of / characters. The connected Red Hat, SUSE, and PT-Security entries corroborate the issue and describe the...

CVSS 5 | AI score 7.7 | EPSS 0.19937

CVE | added 2002/05/03 4:00 a.m. | 52 views

CVE-2002-0240

CVE-2002-0240 affects PHP when deployed with Apache and configured to serve index.php by default. The vulnerability allows remote attackers to learn the server’s full pathname via the HTTP OPTIONS method, a partial confidentiality impact (PARTIAL) without impact to integrity/availability,...

CVSS 5 | AI score 7 | EPSS 0.07777

CVE | added 2004/09/01 4:00 a.m. | 49 views

CVE-2001-0042

The CVE-2001-0042 entry affects PHP 3.x running on Apache 1.3.6. It describes a remote file-read vulnerability via a modified ".." path traversal that can include encoded backslash sequences ("%5c") to disclose arbitrary files. The description indicates the root cause is a dot-dot traversal vuln...

CVSS 5 | AI score 7.2 | EPSS 0.08603

CVE | added 2005/02/06 5:00 a.m. | 49 views

CVE-2004-1387

The CVE-2004-1387 entry concerns the apache-utils package, specifically the check_forensic script (version 1.3.31). The vulnerability allows a local user to overwrite or create arbitrary files via a symlink attack on temporary files, with the underlying root cause being improper handling of tempo...

CVSS 2.1 | AI score 6.7 | EPSS 0.00549

CVE | added 2026/05/04 2:40 p.m. | 49 views

CVE-2026-33523

CVE-2026-33523 describes an HTTP response splitting vulnerability in multiple Apache HTTP Server modules when backends are untrusted or compromised. Affected product: Apache HTTP Server up to version 2.4.66. The issue is resolved by upgrading to version 2.4.67. The provided documents do not inclu...

CVSS 6.5 | AI score 5.8 | EPSS 0.00436

CVE | added 2026/06/08 3:22 p.m. | 45 views

CVE-2026-44185

CVE-2026-44185 describes a buffer over-read in Apache HTTP Server when handling outbound OCSP requests to an attacker-controlled OCSP server. Affected versions are 2.4.0 through 2.4.67. The vulnerability is associated with the OCSP handling path (mod_ssl OCSP send_request) and can enable an attac...

CVSS 7.3 | AI score 5.4 | EPSS 0.00584

CVE | added 2026/06/08 3:12 p.m. | 33 views

CVE-2026-34356

CVE-2026-34356 is a heap-based buffer overflow in Apache HTTP Server (affecting 2.4.0–2.4.67) involving malicious backend servers and ProxyPassReverseCookie. The issue could allow a crash or similar impact (per CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; base score 7.5). Fixed by upgrading to...

CVSS 7.5 | AI score 5.4 | EPSS 0.00682

Total number of security vulnerabilities: 330