Lucene search
K
ApacheHttp Server2.0.0

13 matches found

CVE
CVE
•added 2012/01/28 2:0 a.m.•1198 views

CVE-2012-0053

CVE-2012-0053 affects Apache HTTP Server 2.2.x up to 2.2.21. The flaw in protocol.c during 400 error page construction can reveal HTTPOnly cookie values via long/malformed headers with crafted scripts. Remediation per advisories: upgrade to 2.2.22 or later (e.g., httpd 2.2.22).

4.3CVSS6.2AI score0.82756EPSS
CVE
CVE
•added 2013/06/10 5:0 p.m.•1165 views

CVE-2013-1862

CVE-2013-1862 affects Apache HTTP Server 2.2.x up to 2.2.24, where mod_rewrite writes log data without sanitizing non‑printable characters. This can allow a remote attacker to execute arbitrary commands by sending an HTTP request containing an escape sequence for a terminal emulator, with some so...

5.1CVSS6.9AI score0.24886EPSS
CVE
CVE
•added 2012/01/18 8:0 p.m.•829 views

CVE-2012-0031

CVE-2012-0031 affects Apache HTTP Server 2.2.21 and earlier, specifically scoreboard.c. The vulnerability allows local users to cause a denial of service (daemon crash during shutdown) or potentially other unspecified impact by modifying a type field in a shared scoreboard Memory segment, which l...

4.6CVSS7AI score0.02905EPSS
CVE
CVE
•added 2011/05/16 5:0 p.m.•757 views

CVE-2011-0419

CVE-2011-0419 is a stack consumption/DoS vulnerability in the APR library’s fnmatch implementation (apr_fnmatch.c) and, for some platforms, in libc’s fnmatch.c. It affects APR < 1.4.3 and Apache HTTP Server

4.3CVSS7.7AI score0.30406EPSS
CVE
CVE
•added 2007/06/27 5:0 p.m.•237 views

CVE-2006-5752

CVE-2006-5752 is a cross-site scripting (XSS) vulnerability in the Apache HTTP Server mod_status component when ExtendedStatus is enabled and a public server-status page is used. The issue arises via browsers performing charset detection when the content-type is not specified, allowing remote att...

4.3CVSS5.7AI score0.27783EPSS
CVE
CVE
•added 2003/04/02 5:0 a.m.•223 views

CVE-2002-0392

Affected software: Apache HTTP Server 1.3.x (up to 1.3.24) and 2.0.x (up to 2.0.36). The vulnerability arises from processing chunk-encoded HTTP requests, causing Apache to compute an incorrect size, which can lead to a remote denial of service and, in some reports, potential arbitrary code execu...

7.5CVSS7.4AI score0.95027EPSS
Web
CVE
CVE
•added 2007/09/14 12:0 a.m.•214 views

CVE-2007-4465

The CVE-2007-4465 entry covers an XSS in Apache httpd’s mod_autoindex.c (pre-2.2.6) where an undefined page charset allows injection via the P parameter using UTF-7. Impact is cross-site scripting; remediation is to upgrade Apache httpd to 2.2.6 or newer (as per the cited advisory). The descripti...

6.1CVSS5.4AI score0.26188EPSS
CVE
CVE
•added 2004/09/01 4:0 a.m.•207 views

CVE-2003-0020

CVE-2003-0020 concerns Apache HTTP Server: the product does not filter terminal escape sequences from error logs, enabling potential insertion of escape sequences into terminal emulators vulnerable to such sequences. Connected documents show multiple related CVEs affecting different Apache branch...

5CVSS7.7AI score0.10872EPSS
CVE
CVE
•added 2007/06/20 10:0 p.m.•178 views

CVE-2007-3304

CVE-2007-3304 affects Apache HTTP Server (httpd) with the Prefork MPM. The issue arises when a local attacker can modify the scoreboard arrays (worker_score and process_score) to reference another process, enabling the master process to send SIGUSR1 and terminate that process, potentially causing...

4.7CVSS6.2AI score0.03298EPSS
CVE
CVE
•added 2005/07/14 4:0 a.m.•142 views

CVE-2001-1556

Technical details for CVE-2001-1556 are not publicly provided in the connected documents. Monitor for updates.

5CVSS6.9AI score0.03564EPSS
CVE
CVE
•added 2003/04/02 5:0 a.m.•142 views

CVE-2002-0061

Apache HTTP Server on Windows (Win32) is vulnerable prior to versions 1.3.24 and 2.0.x prior to 2.0.34-beta. The flaw allows remote attackers to execute arbitrary commands by sending shell metacharacters (a pipe |) as arguments to batch (.bat) or .cmd scripts, which reach the shell interpreter (c...

7.5CVSS7.5AI score0.50371EPSS
Web
CVE
CVE
•added 2003/03/28 5:0 a.m.•138 views

CVE-2003-0083

CVE-2003-0083 affects Apache 1.3.x (before 1.3.25) and Apache 2.0.x (before 2.0.46). The issue is that terminal escape sequences are not filtered from access logs, enabling insertion of escape sequences into terminal emulators vulnerable to such sequences. This is a separate vulnerability from CV...

5CVSS6.3AI score0.17413EPSS
CVE
CVE
•added 2003/04/03 5:0 a.m.•119 views

CVE-2003-0132

CVE-2003-0132: Apache 2.0 up to 2.0.44 is vulnerable to a memory-leak DoS via large sequences of linefeed characters. The issue arises because Apache may allocate memory (about 80 bytes per linefeed), enabling remote denial-of-service. OpenVAS entries summarize the vulnerability as a linefeed mem...

5CVSS6.2AI score0.86677EPSS