Http Server@* Security Vulnerabilities and Issues — Http Server@* CVE List

Lucene search

ApacheHttp Server*

10 matches found

CVE•added 2005/09/06 11:3 p.m.•1042 views

CVE-2005-2700

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

10CVSS9.3AI score0.04895EPSS

CVE•added 2005/08/05 4:0 a.m.•167 views

CVE-2005-1268

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

5CVSS6.6AI score0.04266EPSS

CVE•added 2005/12/13 8:3 p.m.•121 views

CVE-2005-3352

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

4.3CVSS7.9AI score0.37141EPSS

CVE•added 2005/02/09 5:0 a.m.•120 views

CVE-2004-0940

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

7.8CVSS8AI score0.04161EPSS

CVE•added 2005/07/14 4:0 a.m.•106 views

CVE-2001-1556

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

5CVSS6.9AI score0.03202EPSS

CVE•added 2005/07/05 4:0 a.m.•104 views

CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length ...

4.3CVSS5.8AI score0.81401EPSS

CVE•added 2005/10/25 5:6 p.m.•72 views

CVE-2005-2970

Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.

5CVSS6.2AI score0.08033EPSS

CVE•added 2005/07/14 4:0 a.m.•71 views

CVE-2001-1534

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.

2.1CVSS6.4AI score0.00146EPSS

CVE•added 2005/02/09 5:0 a.m.•71 views

CVE-2004-0942

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.

5CVSS9AI score0.81382EPSS

CVE•added 2005/08/16 4:0 a.m.•61 views

CVE-2004-2343

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict...

7.2CVSS6.3AI score0.0007EPSS