Lucene search
+L

17 matches found

CVE
CVE
added 2007/10/20 10:0 a.m.1271 views

CVE-2003-1418

CVE-2003-1418 affects Apache HTTP Server 1.3.22–1.3.27 on OpenBSD. The root cause is information disclosure via (1) ETag headers that reveal inode numbers and (2) multipart MIME boundaries that reveal child process IDs (PIDs). Practical impact is partial information disclosure that can aid reconn...

4.3CVSS7.4AI score0.06581EPSS
CVE
CVE
added 2007/01/05 6:0 p.m.385 views

CVE-2007-0086

CVE-2007-0086 targets the Apache HTTP Server. The documented effect is a denial of service caused by a Range header that can cause network bandwidth consumption when a TCP connection is opened with a large window size, via multiple copies of the same fragment. The connected documents provide conc...

7.8CVSS7.3AI score0.09619EPSS
In wild
CVE
CVE
added 2007/03/16 10:0 p.m.368 views

CVE-2007-0450

CVE-2007-0450 is a directory traversal vulnerability affecting Apache Tomcat (and Tomcat behind certain Apache proxies) where a crafted URI containing a dot-dot sequence and mixed separators (/, , and %5C) can cause unauthorized disclosure of arbitrary files. Affected products/versions include To...

5CVSS6.2AI score0.90768EPSS
Web
CVE
CVE
added 2007/12/13 6:0 p.m.366 views

CVE-2007-5000

CVE-2007-5000 affects Apache HTTP Server mod_imap and mod_imagemap (v1.3.0–1.3.39 and v2.0.35–2.0.61). The flaw is due to insufficient input validation, allowing remote script/HTML injection via unspecified vectors. Public advisories note fixes in later Apache releases (and related packages); mit...

4.3CVSS8AI score0.46603EPSS
CVE
CVE
added 2007/12/03 10:0 p.m.299 views

CVE-2007-6203

Apache HTTP Server 2.0.x and 2.2.x are affected by CVE-2007-6203, where the HTTP Method header is not sanitized when reflected in a 413 Response, enabling cross-site scripting-like attacks via headers sent by the client. The root cause is lack of sanitization of the Method specifier header in suc...

4.3CVSS7.6AI score0.80749EPSS
CVE
CVE
added 2007/10/18 10:0 a.m.282 views

CVE-2002-2272

CVE-2002-2272 affects Tomcat 4.0–4.1.12 when using mod_jk 1.2.1 with Apache 1.3–1.3.27. A remote attacker can cause a denial of service by sending an HTTP GET request that uses a Transfer-Encoding chunked field with invalid values, leading to desynchronized communications between Apache and Tomca...

7.8CVSS6.7AI score0.09681EPSS
CVE
CVE
added 2007/04/13 4:0 p.m.272 views

CVE-2007-1741

CVE-2007-1741 affects Apache HTTP Server (httpd) and its suexec module (v2.2.3). The issue comprises multiple race conditions between directory/file validation and their usage in suexec, enabling local users to gain privileges and execute arbitrary code by renaming directories or performing symli...

6.2CVSS7.2AI score0.00516EPSS
CVE
CVE
added 2007/06/27 5:0 p.m.241 views

CVE-2006-5752

CVE-2006-5752 is a cross-site scripting (XSS) vulnerability in the Apache HTTP Server mod_status component when ExtendedStatus is enabled and a public server-status page is used. The issue arises via browsers performing charset detection when the content-type is not specified, allowing remote att...

4.3CVSS5.7AI score0.27783EPSS
CVE
CVE
added 2007/09/14 12:0 a.m.217 views

CVE-2007-4465

The CVE-2007-4465 entry covers an XSS in Apache httpd’s mod_autoindex.c (pre-2.2.6) where an undefined page charset allows injection via the P parameter using UTF-7. Impact is cross-site scripting; remediation is to upgrade Apache httpd to 2.2.6 or newer (as per the cited advisory). The descripti...

6.1CVSS5.4AI score0.26188EPSS
CVE
CVE
added 2007/06/20 10:0 p.m.184 views

CVE-2007-3304

CVE-2007-3304 affects Apache HTTP Server (httpd) with the Prefork MPM. The issue arises when a local attacker can modify the scoreboard arrays (worker_score and process_score) to reference another process, enabling the master process to send SIGUSR1 and terminate that process, potentially causing...

4.7CVSS6.2AI score0.03298EPSS
CVE
CVE
added 2007/04/13 5:0 p.m.168 views

CVE-2007-1743

CVE-2007-1743 affects Apache HTTP Server (httpd) with the suexec module. The issue is that suexec (in httpd 2.2.3) does not verify combinations of user and group IDs on the command line, which might allow a local user to leverage other vulnerabilities to create arbitrary UID/GID–owned files if /p...

4.4CVSS6.5AI score0.00703EPSS
CVE
CVE
added 2007/08/23 10:0 p.m.160 views

CVE-2007-3847

CVE-2007-3847 affects Apache httpd 2.3.x (mod_proxy) where the date handling in modules/proxy/proxy_util.c under a threaded MPM can be triggered by crafted date headers, causing a buffer over-read and remote denial of service (caching forward proxy process crash). The linked advisories indicate t...

5CVSS9.2AI score0.12901EPSS
CVE
CVE
added 2007/04/13 5:0 p.m.155 views

CVE-2007-1742

Apache HTTP Server (httpd) 2.2.3’s suexec uses a partial path comparison to determine if the current directory is within the document root. This may allow local users to operate on incorrect directories under an html directory (e.g., html_backup/htmleditor). The issue is described across multiple...

3.7CVSS6AI score0.00687EPSS
CVE
CVE
added 2007/06/27 5:0 p.m.102 views

CVE-2007-1863

CVE-2007-1863 affects the Apache HTTP Server, specifically the mod_cache module. When caching is enabled and using a threaded MPM, a crafted request containing one of the Cache-Control headers (s-maxage, max-age, min-fresh, or max-stale) without a value can crash the Apache child process, causing...

5CVSS6.2AI score0.11786EPSS
CVE
CVE
added 2007/12/21 10:0 p.m.97 views

CVE-2007-6514

CVE-2007-6514 affects Apache HTTP Server when run on Linux with a document root on a Windows SMB share mounted via smbfs. The vulnerability arises from a trailing backslash () not being handled by the AddType directive, allowing remote attackers to disclose unprocessed contents of PHP files (e.g....

4.3CVSS6.6AI score0.38042EPSS
CVE
CVE
added 2007/06/04 11:0 p.m.89 views

CVE-2007-1862

The CVE-2007-1862 issue affects Apache 2.2.4’s mod_mem_cache recall_headers, where not all header levels are copied, potentially causing HTTP responses to include previously used data. This could lead to information disclosure to remote attackers. Connected advisories confirm affected packages an...

5CVSS6AI score0.05909EPSS
CVE
CVE
added 2007/06/20 10:0 p.m.79 views

CVE-2007-3303

CVE-2007-3303 affects Apache httpd 2.0.59 and 2.2.4 with the Prefork MPM. The described issue arises from certain code sequences executed in a worker process, which can either stop request processing by killing all workers and preventing replacements, or cause the master process to fork an arbitr...

4.9CVSS6.3AI score0.0089EPSS