Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Http_server
(Apache)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 287 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2002-05-29 | CVE-2002-0240 | PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. | Http_server | N/A | ||
| 2001-11-28 | CVE-2001-1449 | The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | Http_server, Mandrake_linux, Mandrake_linux_corporate_server, Mandrake_single_network_firewall | N/A | ||
| 2001-08-31 | CVE-2001-1072 | Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. | Http_server | N/A | ||
| 2001-03-12 | CVE-2001-0131 | htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | Http_server, Immunix, Linux | N/A | ||
| 2001-02-16 | CVE-2001-0042 | PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences. | Http_server | N/A | ||
| 2000-11-14 | CVE-2000-0869 | The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. | Http_server, Suse_linux | N/A | ||
| 2000-11-14 | CVE-2000-0868 | The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. | Http_server, Suse_linux | N/A | ||
| 1999-12-31 | CVE-1999-1293 | mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core. | Http_server | N/A | ||
| 1999-09-13 | CVE-1999-1053 | guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". | Http_server, Matt_wright_guestbook | N/A | ||
| 1999-09-03 | CVE-1999-0926 | Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. | Http_server | N/A |