13 matches found
CVE-2012-0053
CVE-2012-0053 affects Apache HTTP Server 2.2.x up to 2.2.21. The flaw in protocol.c during 400 error page construction can reveal HTTPOnly cookie values via long/malformed headers with crafted scripts. Remediation per advisories: upgrade to 2.2.22 or later (e.g., httpd 2.2.22).
CVE-2013-1862
CVE-2013-1862 affects Apache HTTP Server 2.2.x up to 2.2.24, where mod_rewrite writes log data without sanitizing non‑printable characters. This can allow a remote attacker to execute arbitrary commands by sending an HTTP request containing an escape sequence for a terminal emulator, with some so...
CVE-2012-0031
CVE-2012-0031 affects Apache HTTP Server 2.2.21 and earlier, specifically scoreboard.c. The vulnerability allows local users to cause a denial of service (daemon crash during shutdown) or potentially other unspecified impact by modifying a type field in a shared scoreboard Memory segment, which l...
CVE-2011-0419
CVE-2011-0419 is a stack consumption/DoS vulnerability in the APR library’s fnmatch implementation (apr_fnmatch.c) and, for some platforms, in libc’s fnmatch.c. It affects APR < 1.4.3 and Apache HTTP Server
CVE-2006-5752
CVE-2006-5752 is a cross-site scripting (XSS) vulnerability in the Apache HTTP Server mod_status component when ExtendedStatus is enabled and a public server-status page is used. The issue arises via browsers performing charset detection when the content-type is not specified, allowing remote att...
CVE-2002-0392
Affected software: Apache HTTP Server 1.3.x (up to 1.3.24) and 2.0.x (up to 2.0.36). The vulnerability arises from processing chunk-encoded HTTP requests, causing Apache to compute an incorrect size, which can lead to a remote denial of service and, in some reports, potential arbitrary code execu...
CVE-2007-4465
The CVE-2007-4465 entry covers an XSS in Apache httpd’s mod_autoindex.c (pre-2.2.6) where an undefined page charset allows injection via the P parameter using UTF-7. Impact is cross-site scripting; remediation is to upgrade Apache httpd to 2.2.6 or newer (as per the cited advisory). The descripti...
CVE-2003-0020
CVE-2003-0020 concerns Apache HTTP Server: the product does not filter terminal escape sequences from error logs, enabling potential insertion of escape sequences into terminal emulators vulnerable to such sequences. Connected documents show multiple related CVEs affecting different Apache branch...
CVE-2007-3304
CVE-2007-3304 affects Apache HTTP Server (httpd) with the Prefork MPM. The issue arises when a local attacker can modify the scoreboard arrays (worker_score and process_score) to reference another process, enabling the master process to send SIGUSR1 and terminate that process, potentially causing...
CVE-2001-1556
Technical details for CVE-2001-1556 are not publicly provided in the connected documents. Monitor for updates.
CVE-2002-0061
Apache HTTP Server on Windows (Win32) is vulnerable prior to versions 1.3.24 and 2.0.x prior to 2.0.34-beta. The flaw allows remote attackers to execute arbitrary commands by sending shell metacharacters (a pipe |) as arguments to batch (.bat) or .cmd scripts, which reach the shell interpreter (c...
CVE-2003-0083
CVE-2003-0083 affects Apache 1.3.x (before 1.3.25) and Apache 2.0.x (before 2.0.46). The issue is that terminal escape sequences are not filtered from access logs, enabling insertion of escape sequences into terminal emulators vulnerable to such sequences. This is a separate vulnerability from CV...
CVE-2003-0132
CVE-2003-0132: Apache 2.0 up to 2.0.44 is vulnerable to a memory-leak DoS via large sequences of linefeed characters. The issue arises because Apache may allocate memory (about 80 bytes per linefeed), enabling remote denial-of-service. OpenVAS entries summarize the vulnerability as a linefeed mem...