Http Server@* Security Vulnerabilities and Issues — Http Server@* CVE List

Lucene search

ApacheHttp Server*

10 matches found

CVE•added 2004/09/01 4:0 a.m.•180 views

CVE-2003-0020

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

5CVSS7.7AI score0.19383EPSS

CVE•added 2004/07/07 4:0 a.m.•138 views

CVE-2004-0488

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

7.5CVSS9.7AI score0.57098EPSS

CVE•added 2004/03/03 5:0 a.m.•102 views

CVE-2003-0987

mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.

7.5CVSS7.5AI score0.19648EPSS

CVE•added 2004/05/04 4:0 a.m.•84 views

CVE-2004-0174

Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."

7.5CVSS7.3AI score0.47089EPSS

CVE•added 2004/10/20 4:0 a.m.•82 views

CVE-2004-0747

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.

7.8CVSS7.8AI score0.01127EPSS

CVE•added 2004/09/17 4:0 a.m.•72 views

CVE-2004-0809

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

5CVSS7.2AI score0.16458EPSS

CVE•added 2004/10/20 4:0 a.m.•67 views

CVE-2004-0786

The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.

5CVSS7.3AI score0.51084EPSS

CVE•added 2004/09/01 4:0 a.m.•64 views

CVE-1999-1199

Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.

10CVSS6.9AI score0.041EPSS

CVE•added 2004/10/20 4:0 a.m.•60 views

CVE-2004-0751

The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).

5CVSS7.4AI score0.5648EPSS

CVE•added 2004/10/20 4:0 a.m.•59 views

CVE-2004-0748

mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.

5CVSS7.3AI score0.20677EPSS