9 matches found
CVE-2012-2687
Apache HTTP Server 2.4.x before 2.4.3 is affected by CVE-2012-2687 due to XSS in the mod_negotiation make_variant_list function (mod_negotiation.c) when MultiViews is enabled. The vulnerability arises from improper handling of crafted filenames during variant list construction, allowing remote at...
CVE-2012-0021
CVE-2012-0021 affects Apache HTTP Server 2.2.17–2.2.21 when using a threaded MPM. The log_cookie function mishandles a %{}C format string in cookies, enabling a remote attacker to cause a denial of service (daemon crash) by sending a cookie with no name and no value. Connected sources (F5 advisor...
CVE-2008-0456
CVE-2008-0456 : CRLF injection in the mod_negotiation module of Apache HTTP Server (versions 2.2.x up to 2.2.6, 2.0.x up to 2.0.61, and 1.3.x up to 1.3.39) allows remote authenticated users to upload a file with a multi-line name containing HTTP header sequences, enabling injection into HTTP resp...
CVE-2009-3094
The CVE-2009-3094 issue affects Apache HTTP Server’s mod_proxy_ftp (ap_proxy_ftp_handler in proxy modules) and is caused by insufficient input validation in responses to EPSV commands. This allowed remote FTP servers to trigger a NULL pointer dereference, crashing a child httpd process and causin...
CVE-2001-1534
CVE-2001-1534 affects Apache with the mod_usertrack module (versions 1.3.11–1.3.20). The vulnerability arises from generating session IDs with predictable information (host IP, system time, server PID), enabling local users to obtain session IDs and bypass authentication when those IDs are used f...
CVE-2004-1834
The CVE-2004-1834 issue affects mod_disk_cache in Apache 2.0–2.0.49, which stores client headers (including authentication information) on disk, potentially allowing local users to access sensitive data. The provided documents confirm the vulnerability description but do not specify a concrete fi...
CVE-2002-1233
CVE-2002-1233 applies to Debian’s apache-ssl packages, where a regression in Apache 1.3.27 and earlier (Debian 2.2 before 1.3.9, Debian 3.0 before 1.3.26) allows local attackers to read or modify the Apache password file via a symlink attack when running htpasswd or htdigest. The issue reintroduc...
CVE-2003-1581
CVE-2003-1581 affects Apache HTTP Server 2.0.44: when DNS resolution is enabled for client IPs, remote attackers can inject arbitrary text into log files via an HTTP request paired with a crafted DNS response, demonstrated as XSS sequences (Inverse Lookup Log Corruption). The connected sources co...
CVE-2004-1387
The CVE-2004-1387 entry concerns the apache-utils package, specifically the check_forensic script (version 1.3.31). The vulnerability allows a local user to overwrite or create arbitrary files via a symlink attack on temporary files, with the underlying root cause being improper handling of tempo...