330 matches found
CVE-2003-1580
The CVE-2003-1580 issue affects Apache HTTP Server 2.0.44 when DNS resolution is enabled for client IPs. The vulnerability arises from a logging format that does not indicate whether a dotted-quad IP address is unresolved, which can allow remote attackers to spoof IP addresses by sending crafted ...
CVE-2002-1156
CVE-2002-1156 affects Apache 2.0.42. The vulnerability allows remote attackers to view the source of a CGI script via a POST to a directory where both WebDAV and CGI are enabled. This yields partial confidentiality impact per the NVD metrics (CVSS v2: AV:N/AC:L/Au:N/C:P/I:N/A:N; base score 5.0). ...
CVE-2003-1581
CVE-2003-1581 affects Apache HTTP Server 2.0.44: when DNS resolution is enabled for client IPs, remote attackers can inject arbitrary text into log files via an HTTP request paired with a crafted DNS response, demonstrated as XSS sequences (Inverse Lookup Log Corruption). The connected sources co...
CVE-2000-0913
The CVE-2000-0913 issue affects the Apache web server module mod_rewrite. It enables a remote attacker to read arbitrary files when a RewriteRule directive expands to a filename containing a regular expression, as described for Apache 1.3.12 and earlier. Connected sources corroborate that this is...
CVE-1999-0926
Technical details beyond the minimal description are not publicly provided in the supplied documents. Monitor for updates on affected products, versions, and fixes.
CVE-1999-1293
CVE-1999-1293 concerns Apache’s mod_proxy in version 1.2.5 and earlier. The vulnerability allows remote attackers to trigger a denial of service by sending malformed FTP commands, which causes Apache to dump core. The available public description states the impact as a complete denial of service ...
CVE-2002-1592
CVE-2002-1592 affects Apache HTTP Server 2.0 through 2.0.35. When a CGI application encounters an error, ap_log_rerror may send error messages to the client that include the server’s full path, enabling information disclosure. The provided sources confirm the affected range and the leakage of int...
CVE-2001-1072
CVE-2001-1072 affects Apache with mod_rewrite enabled on UNIX systems. The vulnerability arises when an attacker can insert extra / characters into the requested path, causing the RewriteRule’s regular expression to fail and allowing the path to bypass RewriteRules. The affected component is mod_...
CVE-2002-0249
CVE-2002-0249 affects PHP for Windows when used as a standalone CGI module on Apache 2.0.28 beta, where a crafted request with malformed arguments can disclose the physical path to php.exe in error messages. Affects PHP for Windows running under Apache CGI; the issue stems from error handling tha...
CVE-2002-1593
CVE-2002-1593 affects the Apache httpd mod_dav component prior to version 2.0.42. The issue arises from improper handling of versioning hooks, which can trigger a null dereference in a child process and cause denial of service (CPU consumption) in a preforked multi-processing module. The risk is ...
CVE-2000-1206
CVE-2000-1206 describes a vulnerability in Apache httpd prior to 1.3.11 where mass virtual hosting using mod_rewrite or mod_vhost_alias (in Apache 1.3.9) can allow remote attackers to retrieve arbitrary files. The affected component is the httpd web server and its name-based hosting configuration...
CVE-2001-0766
CVE-2001-0766 affects Apache on MacOS X Client 10.0.3 with HFS+; a case-insensitive filesystem leads to bypassing URL-based access filters. The root cause is that Apache’s file access protection assumes a case-sensitive FS, so URLs with mixed case can bypass / restrictions, potentially exposing p...
CVE-2001-1449
The CVE-2001-1449 issue affects Apache
CVE-2001-1342
Apache httpd before 1.3.20 on Windows and OS/2 is vulnerable to a denial-of-service via a crafted URI containing many slashes or other characters, which causes dereferencing of a NULL pointer in certain functions. The issue leads to a General Protection Fault in a child process when handling the ...
CVE-1999-0107
CVE-1999-0107 is a buffer overflow in Apache 1.2.5 and earlier that allows a remote attacker to cause a denial of service by issuing a high volume of GET requests containing a large number of / characters. The connected Red Hat, SUSE, and PT-Security entries corroborate the issue and describe the...
CVE-2002-0240
CVE-2002-0240 affects PHP when deployed with Apache and configured to serve index.php by default. The vulnerability allows remote attackers to learn the server’s full pathname via the HTTP OPTIONS method, a partial confidentiality impact (PARTIAL) without impact to integrity/availability,...
CVE-2026-44119
Summary: CVE-2026-44119 is an Apache HTTP Server vulnerability described as improper privilege management that allows local .htaccess authors to read files with httpd user privileges. Affected versions are Apache HTTP Server 2.4.67 and earlier; the issue is fixed in 2.4.68. This aligns with multi...
CVE-2001-0042
The CVE-2001-0042 entry affects PHP 3.x running on Apache 1.3.6. It describes a remote file-read vulnerability via a modified “..” path traversal that can include encoded backslash sequences ("%5c") to disclose arbitrary files. The description indicates the root cause is a dot-dot traversal vuln...
CVE-2026-42535
CVE-2026-42535 affects Apache httpd’s mod_dav_fs in versions 2.4.67 and earlier. A path handling issue lets a WebDAV content author directly manipulate trusted DAV property databases, with the practical impact described as potential child process crashes. The recommended remediation is upgrading ...
CVE-2004-1387
The CVE-2004-1387 entry concerns the apache-utils package, specifically the check_forensic script (version 1.3.31). The vulnerability allows a local user to overwrite or create arbitrary files via a symlink attack on temporary files, with the underlying root cause being improper handling of tempo...
CVE-2026-29169
CVE-2026-29169: A NULL pointer dereference in mod_dav_lock of Apache HTTP Server 2.4.66 and earlier can crash the server when handling a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs; the only known use-case was with mod_dav_svn from Apache Subversion (earlier t...
CVE-2026-29170
CVE-2026-29170 describes a cross-site scripting (XSS) vulnerability in Apache HTTP Server 2.4.67 and earlier, affecting mod_proxy_ftp during HTML directory list generation when listing FTP directory contents via forward or reverse proxy configurations. The vulnerability arises in the HTML directo...
CVE-2026-48913
This CVE (CVE-2026-48913) concerns Apache HTTP Server’s mod_http2 component. The reported issue is a Use After Free vulnerability when file handles are exhausted, affecting Apache HTTP Server versions 2.4.55–2.4.67. The description and connected sources consistently cite memory- or resource-relat...
CVE-2026-44186
CVE-2026-44186 affects Apache HTTP Server (mod_proxy_ftp). A loop with an unreachable exit condition can occur when handling an attacker-controlled backend FTP server, impacting 2.4.0 through 2.4.67. The issue’s remediation is to upgrade to Apache HTTP Server 2.4.68 or later. The provided connect...
CVE-2026-42536
Summary (CVE-2026-42536): A heap-based buffer overflow in Apache HTTP Server affects 2.4.0–2.4.67 through the mod_xml2enc component (and related parsing of untrusted content via xml2StartParse). The issue is resolved by upgrading to Apache HTTP Server 2.4.68. The payload vector involves processi...
CVE-2026-43951
CVE-2026-43951: Out-of-bounds read in Apache HTTP Server affecting mod_headers and mod_mime across multiple response languages. Affected versions: 2.4.0–2.4.67. The vulnerability is described in enrichment as an out-of-bounds read in the merge_response_headers path, which can lead to a crash. No...
CVE-2026-33523
CVE-2026-33523 describes an HTTP response splitting vulnerability in multiple Apache HTTP Server modules when backends are untrusted or compromised. Affected product: Apache HTTP Server up to version 2.4.66. The issue is resolved by upgrading to version 2.4.67. The provided documents do not inclu...
CVE-2026-34355
CVE-2026-34355: A buffer overflow in Apache HTTP Server’s mod_proxy_html (affecting 2.4.67 and earlier) can be exploited by an untrusted backend. The advisory indicates that upgrading to 2.4.68 fixes the issue. Documented impact is a network‑accessible overflow with high severity (CVSS v3.1: 7.5...
CVE-2026-44185
CVE-2026-44185 describes a buffer over-read in Apache HTTP Server when handling outbound OCSP requests to an attacker-controlled OCSP server. Affected versions are 2.4.0 through 2.4.67. The vulnerability is associated with the OCSP handling path (mod_ssl OCSP send_request) and can enable an attac...
CVE-2026-34356
CVE-2026-34356 is a heap-based buffer overflow in Apache HTTP Server (affecting 2.4.0–2.4.67) involving malicious backend servers and ProxyPassReverseCookie. The issue could allow a crash or similar impact (per CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; base score 7.5). Fixed by upgrading to...