11 matches found
CVE-1999-1412
CVE-1999-1412 describes a DoS risk from an interaction between MacOS X 1.0 and Apache HTTP server, where a flood of HTTP GET requests to CGI programs can spawn many processes on affected systems. Connected sources provide concrete details indicating the issue relates to the Apache httpd component...
CVE-1999-1237
CVE-1999-1237 describes multiple buffer overflows in the smbvalid/smbval SMB authentication library, as used by Apache::AuthenSmb and potentially other modules. The vulnerability allows remote attackers to execute arbitrary commands by sending excessively long usernames, passwords, or via other u...
CVE-2007-0086
CVE-2007-0086 targets the Apache HTTP Server. The documented effect is a denial of service caused by a Range header that can cause network bandwidth consumption when a TCP connection is opened with a large window size, via multiple copies of the same fragment. The connected documents provide conc...
CVE-2007-0450
CVE-2007-0450 is a directory traversal vulnerability affecting Apache Tomcat (and Tomcat behind certain Apache proxies) where a crafted URI containing a dot-dot sequence and mixed separators (/, , and %5C) can cause unauthorized disclosure of arbitrary files. Affected products/versions include To...
CVE-2007-6423
The CVE-2007-6423 issue concerns Apache HTTP Server 2.2.x on Windows, where mod_proxy_balancer could trigger memory corruption through a long URL. The Red Hat advisory notes the vulnerability as unspecified and unreproducible by the vendor, while Red Hat indicates that Apache 2.2.7-dev contains a...
CVE-1999-0678
CVE-1999-0678 affects the Apache server configured on Debian GNU/Linux where the default ServerRoot is /usr/doc. This misconfiguration allows remote users to read documentation files for the entire server via the web interface. The issue is caused by serving the /usr/doc directory as part of the ...
CVE-2007-6422
CVE-2007-6422 affects Apache HTTP Server 2.2.0–2.2.6 when using a threaded MPM. The vulnerability in the mod_proxy_balancer module allows remote authenticated users to cause a denial of service by triggering a crash of the Apache child process via an invalid bb variable. This is documented in mul...
CVE-2007-6421
CVE-2007-6421 is an XSS vulnerability in Apache HTTP Server 2.2.0–2.2.6 within the balancer-manager component of mod_proxy_balancer. An attacker could inject arbitrary script/HTML via the (1) ss, (2) wr, or (3) rr parameters, or via the URL. Affected product: Apache httpd 2.2.x (balancer-manager)...
CVE-2008-2168
CVE-2008-2168 : The linked SUSE/NVD entries describe a cross-site scripting (XSS) vulnerability in Apache HTTP Server up to version 2.2.6 and earlier, exploitable via UTF-7 encoded URLs that are mishandled when rendering the 403 Forbidden error page. Attacker-provided URL input can inject arbitra...
CVE-2025-3891
CVE-2025-3891 affects the Apache httpd mod_auth_openidc module. A remote, unauthenticated attacker can cause a DoS by sending an empty POST when the OIDCPreservePost directive is enabled, crashing the server and impacting availability. Evidence from multiple advisories confirms the issue and ment...
CVE-1999-0289
The CVE-1999-0289 entry concerns the Apache HTTP Server for Win32. Affected component: the Web server handling URLs; issue described as: the server may provide access to restricted files when a "." is appended to a requested URL. The core impact is restricted-file disclosure. Public details acros...