Http Server Security Vulnerabilities and Issues — Http Server CVE List

Lucene search

ApacheHttp Server

11 matches found

CVE•added 2004/09/01 4:0 a.m.•180 views

CVE-2003-0020

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

5CVSS7.7AI score0.32162EPSS

CVE•added 2004/09/01 4:0 a.m.•133 views

CVE-2003-0993

mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.

7.5CVSS7.3AI score0.13904EPSS

CVE•added 2004/09/01 4:0 a.m.•131 views

CVE-2002-0840

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vuln...

6.8CVSS8.4AI score0.88769EPSS

CVE•added 2004/09/01 4:0 a.m.•80 views

CVE-2003-0016

Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.

7.5CVSS7.7AI score0.39516EPSS

CVE•added 2004/09/01 4:0 a.m.•76 views

CVE-2004-0113

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.

5CVSS7.3AI score0.17871EPSS

CVE•added 2004/09/17 4:0 a.m.•72 views

CVE-2004-0809

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

5CVSS7.2AI score0.11986EPSS

CVE•added 2004/09/01 4:0 a.m.•64 views

CVE-1999-1199

Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.

10CVSS6.9AI score0.05541EPSS

CVE•added 2004/09/01 4:0 a.m.•63 views

CVE-2004-0173

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

5CVSS7.1AI score0.3703EPSS

CVE•added 2004/09/01 4:0 a.m.•60 views

CVE-2003-0017

Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.

5CVSS6.6AI score0.06274EPSS

CVE•added 2004/09/01 4:0 a.m.•46 views

CVE-2002-1156

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.

5CVSS6.4AI score0.23894EPSS

CVE•added 2004/09/01 4:0 a.m.•36 views

CVE-2001-0042

PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.

5CVSS7.2AI score0.24004EPSS