17 matches found
CVE-2003-1418
CVE-2003-1418 affects Apache HTTP Server 1.3.22–1.3.27 on OpenBSD. The root cause is information disclosure via (1) ETag headers that reveal inode numbers and (2) multipart MIME boundaries that reveal child process IDs (PIDs). Practical impact is partial information disclosure that can aid reconn...
CVE-2007-0086
CVE-2007-0086 targets the Apache HTTP Server. The documented effect is a denial of service caused by a Range header that can cause network bandwidth consumption when a TCP connection is opened with a large window size, via multiple copies of the same fragment. The connected documents provide conc...
CVE-2007-0450
CVE-2007-0450 is a directory traversal vulnerability affecting Apache Tomcat (and Tomcat behind certain Apache proxies) where a crafted URI containing a dot-dot sequence and mixed separators (/, , and %5C) can cause unauthorized disclosure of arbitrary files. Affected products/versions include To...
CVE-2007-5000
CVE-2007-5000 affects Apache HTTP Server mod_imap and mod_imagemap (v1.3.0–1.3.39 and v2.0.35–2.0.61). The flaw is due to insufficient input validation, allowing remote script/HTML injection via unspecified vectors. Public advisories note fixes in later Apache releases (and related packages); mit...
CVE-2007-6203
Apache HTTP Server 2.0.x and 2.2.x are affected by CVE-2007-6203, where the HTTP Method header is not sanitized when reflected in a 413 Response, enabling cross-site scripting-like attacks via headers sent by the client. The root cause is lack of sanitization of the Method specifier header in suc...
CVE-2002-2272
CVE-2002-2272 affects Tomcat 4.0–4.1.12 when using mod_jk 1.2.1 with Apache 1.3–1.3.27. A remote attacker can cause a denial of service by sending an HTTP GET request that uses a Transfer-Encoding chunked field with invalid values, leading to desynchronized communications between Apache and Tomca...
CVE-2007-1741
CVE-2007-1741 affects Apache HTTP Server (httpd) and its suexec module (v2.2.3). The issue comprises multiple race conditions between directory/file validation and their usage in suexec, enabling local users to gain privileges and execute arbitrary code by renaming directories or performing symli...
CVE-2006-5752
CVE-2006-5752 is a cross-site scripting (XSS) vulnerability in the Apache HTTP Server mod_status component when ExtendedStatus is enabled and a public server-status page is used. The issue arises via browsers performing charset detection when the content-type is not specified, allowing remote att...
CVE-2007-4465
The CVE-2007-4465 entry covers an XSS in Apache httpd’s mod_autoindex.c (pre-2.2.6) where an undefined page charset allows injection via the P parameter using UTF-7. Impact is cross-site scripting; remediation is to upgrade Apache httpd to 2.2.6 or newer (as per the cited advisory). The descripti...
CVE-2007-3304
CVE-2007-3304 affects Apache HTTP Server (httpd) with the Prefork MPM. The issue arises when a local attacker can modify the scoreboard arrays (worker_score and process_score) to reference another process, enabling the master process to send SIGUSR1 and terminate that process, potentially causing...
CVE-2007-1743
CVE-2007-1743 affects Apache HTTP Server (httpd) with the suexec module. The issue is that suexec (in httpd 2.2.3) does not verify combinations of user and group IDs on the command line, which might allow a local user to leverage other vulnerabilities to create arbitrary UID/GID–owned files if /p...
CVE-2007-3847
CVE-2007-3847 affects Apache httpd 2.3.x (mod_proxy) where the date handling in modules/proxy/proxy_util.c under a threaded MPM can be triggered by crafted date headers, causing a buffer over-read and remote denial of service (caching forward proxy process crash). The linked advisories indicate t...
CVE-2007-1742
Apache HTTP Server (httpd) 2.2.3’s suexec uses a partial path comparison to determine if the current directory is within the document root. This may allow local users to operate on incorrect directories under an html directory (e.g., html_backup/htmleditor). The issue is described across multiple...
CVE-2007-1863
CVE-2007-1863 affects the Apache HTTP Server, specifically the mod_cache module. When caching is enabled and using a threaded MPM, a crafted request containing one of the Cache-Control headers (s-maxage, max-age, min-fresh, or max-stale) without a value can crash the Apache child process, causing...
CVE-2007-6514
CVE-2007-6514 affects Apache HTTP Server when run on Linux with a document root on a Windows SMB share mounted via smbfs. The vulnerability arises from a trailing backslash () not being handled by the AddType directive, allowing remote attackers to disclose unprocessed contents of PHP files (e.g....
CVE-2007-1862
The CVE-2007-1862 issue affects Apache 2.2.4’s mod_mem_cache recall_headers, where not all header levels are copied, potentially causing HTTP responses to include previously used data. This could lead to information disclosure to remote attackers. Connected advisories confirm affected packages an...
CVE-2007-3303
CVE-2007-3303 affects Apache httpd 2.0.59 and 2.2.4 with the Prefork MPM. The described issue arises from certain code sequences executed in a worker process, which can either stop request processing by killing all workers and preventing replacements, or cause the master process to fork an arbitr...