22 matches found
CVE-2010-0425
CVE-2010-0425 affects Apache HTTP Server on Windows with ISAPI module mod_isapi (DLLs in 2.0.37–2.0.63, 2.2.0–2.2.14, and 2.3.x before 2.3.7). Root cause: mod_isapi may unload an ISAPI DLL before request processing finishes, causing memory corruption. Impact: remote code execution or denial of se...
CVE-2004-0492
Apache mod_proxy vulnerability CVE-2004-0492 is a heap-based overflow in proxy_util.c affecting Apache 1.3.25–1.3.31. A remote attacker can trigger a denial of service (process crash) and possibly execute arbitrary code by sending a negative Content-Length header, causing excessive data copy. The...
CVE-2004-1082
CVE-2004-1082 affects Apache 1.3.31 and 1.3.32 on Mac OS X Server. The vulnerability arises in mod_digest_apple where the server does not properly verify the nonce in a client response, allowing remote attackers to replay credentials. The NVD entry (CVSS v2 base score 7.5, HIGH) indicates a netwo...
CVE-2023-32342
CVE-2023-32342 is a timing-based side-channel vulnerability in IBM GSKit’s RSA Decryption. The IBM bulletins show this can lead to information disclosure and affect multiple IBM products that ship GSKit (e.g., Db2, Informix, Sterling, Datacap, and related containers). Root cause: timing differenc...
CVE-2015-4947
CVE-2015-4947 is a stack-based buffer overflow in the IBM HTTP Server Administration Server, affecting IBM HTTP Server versions 6.1.0.x up to 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, used with WebSphere Application Server and other products. An authent...
CVE-2004-0493
The CVE-2004-0493 entry relates to Apache httpd 2.0.x prior to 2.0.50, where long MIME header lines with excessive spaces/tabs can cause memory exhaustion and, on 64-bit systems, a potential heap-based buffer overflow. Connected advisories confirm DoS concerns across Apache 2.0.x and related modu...
CVE-2000-0505
The CVE-2000-0505 entry concerns the Apache HTTP Server on Windows (Win32) in the 1.3.x line. The vulnerability allows remote attackers to list directory contents by issuing a URL containing a large sequence of forward slashes, which triggers directory listing of the web root as configured in htt...
CVE-2023-26281
CVE-2023-26281 affects IBM HTTP Server 8.5 (used with IBM WebSphere Application Server). A remote attacker can trigger a denial-of-service by sending a specially crafted URL. The issue is addressed by IBM HTTP Server fixes; advisories reference an update path for IBM HTTP Server (e.g., 8.5.5.24) ...
CVE-2004-0263
Technical details (affected product/version, root cause, impact, and remediation) are not publicly provided in the supplied connected documents. Monitor for updates.
CVE-2011-1360
CVE-2011-1360 covers multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier. The issue arises from untrusted input in documentation-related paths (manual/ibm/ and htdocs/*/manual/ibm/), enabling an attacker to inject arbitrary script/HTML. Products using IBM HTT...
CVE-2012-5955
Technical details about CVE-2012-5955 are not publicly provided in the connected documents. Monitor for updates from IBM/NVD and vendors for affected versions, impact, and remediation.
CVE-2001-0122
CVE-2001-0122 describes a kernel leak in IBM’s FRCA (AfpaCache) module used by IBM HTTP Server 1.3.x and WebSphere 3.52. The vulnerability allows remote attackers to cause a denial of service by issuing a sequence of malformed HTTP requests that generate a "+bad request" error. Affected products ...
CVE-2002-1822
CVE-2002-1822 concerns IBM HTTP Server 1.0 on AS/400, where remote attackers can obtain the web root path and other sensitive information. The leak occurs via an error message when requesting a non-existent JSP page. The vulnerability is documented with a NVD CVSS v2 base score of 5.0 (Medium) an...
CVE-2000-1168
CVE-2000-1168 affects IBM HTTP Server 1.3.6 (based on Apache). The vulnerability allows remote attackers to cause a denial of service and may lead to arbitrary command execution through a long GET request. The associated NVD entry lists a base score of 7.5 (High; Network vector, low attack comple...
CVE-2026-9170
IBM HTTP Server (powered by Apache) is affected by CVE-2026-9170, affecting IBM HTTP Server 8.5 and 9.0. The vulnerability is described as a denial of service with potential remote code execution due to improper input validation (CWE-94). The IBM Security Bulletin lists this CVE alongside several...
CVE-2026-8855
IBM HTTP Server versions 8.5 and 9.0 are affected by CVE-2026-8855, with remote code execution and denial of service when TLS mutual authentication is configured. The issue is documented by IBM and reflected in NVD with high-severity vectors (NETWORK, no user interaction). The IBM PSIRT bulletin ...
CVE-2026-8834
CVE-2026-8834 affects IBM HTTP Server versions 8.5 and 9.0. The issue is a buffer overflow in the server, which could be exploited by a privileged user authenticated to the Administration Server to execute remote code or cause a denial of service. The CVSS metrics indicate an adjacent attack vect...
CVE-2026-8835
The CVE-2026-8835 entry concerns IBM HTTP Server versions 8.5 and 9.0 vulnerable to an invalid pointer dereference. According to the connected sources, a privileged user authenticated to the Administration Server could exploit this issue to cause a denial of service or to expose sensitive informa...
CVE-2026-8854
CVE-2026-8854 affects IBM HTTP Server versions 8.5 and 9.0 via the optional mem_cache module (mod_mem_cache). The DoS condition arises from this component, with CVSS 3.1 base score 7.5 (Network, Low attack complexity, No privileges required, No user interaction). Connected sources confirm the vul...
CVE-2026-8856
IBM HTTP Server 8.5 and 9.0 are affected by CVE-2026-8856, a denial-of-service condition triggered when an attacker with write access to parts of the server configuration can consume resources. The IBM Security Bulletin lists this CVE among multiple vulnerabilities in IBM HTTP Server (bundled wit...
CVE-2026-8852
IBM HTTP Server (8.5 and 9.0) is affected by CVE-2026-8852, with denial of service via the optional mod_fastcgi module. The IBM bulletin confirms this alongside other IBM HTTP Server CVEs and provides remediation guidance: upgrade to the minimal fix pack level and apply the interim fix PH71265, o...
CVE-2026-8850
IBM HTTP Server 8.5 and 9.0 are affected by a denial-of-service through the optional module mod_ibm_upload. The NVD entry lists a CVSS 3.1 base score of 7.5 (HIGH) with network attack vector and no user interaction required, indicating the issue can be triggered remotely and could impact availabi...