Lucene search
K
ApacheHttp Server

9 matches found

CVE
CVE
added 2012/08/22 7:0 p.m.1280 views

CVE-2012-2687

Apache HTTP Server 2.4.x before 2.4.3 is affected by CVE-2012-2687 due to XSS in the mod_negotiation make_variant_list function (mod_negotiation.c) when MultiViews is enabled. The vulnerability arises from improper handling of crafted filenames during variant list construction, allowing remote at...

2.6CVSS5.5AI score0.22515EPSS
CVE
CVE
added 2012/01/28 2:0 a.m.289 views

CVE-2012-0021

CVE-2012-0021 affects Apache HTTP Server 2.2.17–2.2.21 when using a threaded MPM. The log_cookie function mishandles a %{}C format string in cookies, enabling a remote attacker to cause a denial of service (daemon crash) by sending a cookie with no name and no value. Connected sources (F5 advisor...

2.6CVSS8.8AI score0.30809EPSS
CVE
CVE
added 2008/01/25 12:0 a.m.284 views

CVE-2008-0456

CVE-2008-0456 : CRLF injection in the mod_negotiation module of Apache HTTP Server (versions 2.2.x up to 2.2.6, 2.0.x up to 2.0.61, and 1.3.x up to 1.3.39) allows remote authenticated users to upload a file with a multi-line name containing HTTP header sequences, enabling injection into HTTP resp...

2.6CVSS7.2AI score0.19036EPSS
CVE
CVE
added 2009/09/08 6:0 p.m.200 views

CVE-2009-3094

The CVE-2009-3094 issue affects Apache HTTP Server’s mod_proxy_ftp (ap_proxy_ftp_handler in proxy modules) and is caused by insufficient input validation in responses to EPSV commands. This allowed remote FTP servers to trigger a NULL pointer dereference, crashing a child httpd process and causin...

2.6CVSS6.4AI score0.08566EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.97 views

CVE-2001-1534

CVE-2001-1534 affects Apache with the mod_usertrack module (versions 1.3.11–1.3.20). The vulnerability arises from generating session IDs with predictable information (host IP, system time, server PID), enabling local users to obtain session IDs and bypass authentication when those IDs are used f...

2.1CVSS6.4AI score0.00703EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.94 views

CVE-2004-1834

The CVE-2004-1834 issue affects mod_disk_cache in Apache 2.0–2.0.49, which stores client headers (including authentication information) on disk, potentially allowing local users to access sensitive data. The provided documents confirm the vulnerability description but do not specify a concrete fi...

2.1CVSS6.6AI score0.035EPSS
CVE
CVE
added 2002/10/25 4:0 a.m.80 views

CVE-2002-1233

CVE-2002-1233 applies to Debian’s apache-ssl packages, where a regression in Apache 1.3.27 and earlier (Debian 2.2 before 1.3.9, Debian 3.0 before 1.3.26) allows local attackers to read or modify the Apache password file via a symlink attack when running htpasswd or htdigest. The issue reintroduc...

2.6CVSS5.9AI score0.00564EPSS
CVE
CVE
added 2010/02/05 10:13 p.m.68 views

CVE-2003-1581

CVE-2003-1581 affects Apache HTTP Server 2.0.44: when DNS resolution is enabled for client IPs, remote attackers can inject arbitrary text into log files via an HTTP request paired with a crafted DNS response, demonstrated as XSS sequences (Inverse Lookup Log Corruption). The connected sources co...

2.6CVSS6.2AI score0.0308EPSS
CVE
CVE
added 2005/02/06 5:0 a.m.49 views

CVE-2004-1387

The CVE-2004-1387 entry concerns the apache-utils package, specifically the check_forensic script (version 1.3.31). The vulnerability allows a local user to overwrite or create arbitrary files via a symlink attack on temporary files, with the underlying root cause being improper handling of tempo...

2.1CVSS6.7AI score0.00549EPSS