6 matches found
CVE-2006-3747
CVE-2006-3747 describes an off-by-one error in the LDAP scheme handling of Apache’s mod_rewrite. The issue affects Apache versions with RewriteEngine enabled and certain LDAP URL rules, allowing remote attackers to trigger a denial of service and potentially execute arbitrary code. Affected range...
CVE-2006-3918
CVE-2006-3918 is an Apache HTTP Server/IBM HTTP Server issue where the HTTP Expect header is not sanitized when echoed back in error messages, enabling potential cross-site scripting via headers (as demonstrated with Flash/other clients). Affected products and versions include Apache HTTP Server ...
CVE-2006-4154
CVE-2006-4154 describes a format-string vulnerability in the Apache mod_tcl module (version 1.0 for Apache 2.x). The root cause is format string handling in calls to set_var (in tcl_cmds.c and tcl_core.c), allowing a remote attacker to execute arbitrary code with the httpd process privileges. Aff...
CVE-2006-4110
CVE-2006-4110 affects Apache 2.2.2 running on Windows. An information-disclosure vulnerability arises when the CGI directory is within the document root: requests that alter the case of the directory name bypass the ScriptAlias handler on a case-insensitive filesystem, allowing attackers to read ...
CVE-2005-3357
CVE-2005-3357 affects mod_ssl in Apache 2.0 up to 2.0.55; when using an SSL vhost with access control and a custom 400 error page, a non-SSL request to an SSL port can trigger a NULL pointer dereference, causing a denial of service. Remediation/version is not specified in the provided documents.
CVE-2003-1307
Summary: CVE-2003-1307 affects the mod_php module of the Apache HTTP Server. Vulnerability: Local users with write access to PHP scripts can signal the server’s process group and manipulate server file descriptors, demonstrated by sending a STOP signal and intercepting connections on the server’s...