Lucene search

K
ApacheHttp Server1.3.6

13 matches found

CVE
CVE
added 2011/12/27 6:55 p.m.2366 views

CVE-2007-6750

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

5CVSS7AI score0.87652EPSS
CVE
CVE
added 2011/10/05 10:55 p.m.1019 views

CVE-2011-3368

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to i...

5CVSS9.2AI score0.79132EPSS
CVE
CVE
added 2011/11/30 4:5 a.m.796 views

CVE-2011-4317

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

4.3CVSS9.4AI score0.8939EPSS
CVE
CVE
added 2003/11/03 5:0 a.m.192 views

CVE-2003-0542

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

7.2CVSS7.8AI score0.00523EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.176 views

CVE-2004-1082

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

7.5CVSS8.1AI score0.05469EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.133 views

CVE-2003-0993

mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.

7.5CVSS7.3AI score0.05667EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.131 views

CVE-2002-0840

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vuln...

6.8CVSS8.4AI score0.91802EPSS
CVE
CVE
added 2002/10/11 4:0 a.m.93 views

CVE-2002-0843

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

7.5CVSS9.5AI score0.03812EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.76 views

CVE-2000-0505

The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.

5CVSS6.6AI score0.46366EPSS
CVE
CVE
added 2004/11/23 5:0 a.m.68 views

CVE-2004-0263

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

5CVSS6.5AI score0.01657EPSS
CVE
CVE
added 2002/08/31 4:0 a.m.66 views

CVE-2000-1205

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which d...

4.3CVSS6.6AI score0.05698EPSS
CVE
CVE
added 2005/04/27 4:0 a.m.66 views

CVE-2002-1658

Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htd...

4.6CVSS8.3AI score0.00202EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.49 views

CVE-2001-1449

The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.

7.5CVSS6.8AI score0.05425EPSS