Lucene search

ApacheHttp Server

9 matches found

CVE
added 2012/08/22 7:55 p.m., 1222 views

CVE-2012-2687

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted f...

CVSS 2.6 | AI score 5.5 | EPSS 0.05337

CVE
added 2012/01/28 4:5 a.m., 257 views

CVE-2012-0021

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks bot...

CVSS 2.6 | AI score 8.8 | EPSS 0.3296

CVE
added 2008/01/25 1:0 a.m., 246 views

CVE-2008-0456

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response...

CVSS 2.6 | AI score 7.2 | EPSS 0.17838

CVE
added 2009/09/08 6:30 p.m., 162 views

CVE-2009-3094

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.

CVSS 2.6 | AI score 6.4 | EPSS 0.02833

CVE
added 2005/07/14 4:0 a.m., 71 views

CVE-2001-1534

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.

CVSS 2.1 | AI score 6.4 | EPSS 0.00146

CVE
added 2005/05/10 4:0 a.m., 71 views

CVE-2004-1834

mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.

CVSS 2.1 | AI score 6.6 | EPSS 0.00212

CVE
added 2002/11/04 5:0 a.m., 62 views

CVE-2002-1233

A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1...

CVSS 2.6 | AI score 5.9 | EPSS 0.00115

CVE
added 2010/02/05 10:30 p.m., 52 views

CVE-2003-1581

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corrup...

CVSS 2.6 | AI score 6.2 | EPSS 0.01111

CVE
added 2005/02/06 5:0 a.m., 38 views

CVE-2004-1387

The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

CVSS 2.1 | AI score 6.7 | EPSS 0.00242