Product:

Http_server

(Apache)
Repositories https://github.com/apache/httpd
#Vulnerabilities 287
Date Id Summary Products Score Patch Annotated
1996-12-10 CVE-1999-0045 List of arbitrary files on Web host via nph-test-cgi script. Http_server, Commerce_server, Communications_server, Enterprise_server N/A
1997-01-01 CVE-1999-0236 ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. Http_server, Ncsa_httpd 7.5
1997-09-01 CVE-1999-0071 Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. Http_server N/A
1997-12-30 CVE-1999-0107 Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. Http_server N/A
1999-12-12 CVE-1999-0289 The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. Http_server N/A
2022-06-09 CVE-2022-28330 Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. Http_server 5.3
1999-06-03 CVE-1999-1412 A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. Http_server, Macos N/A
2001-12-31 CVE-2001-1534 mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. Http_server N/A
1999-01-17 CVE-1999-0678 A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. Http_server N/A
2001-12-31 CVE-2001-1556 The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. Http_server N/A