Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Http_server
(Apache)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 287 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-03-29 | CVE-2003-0993 | mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. | Http_server | N/A | ||
| 2004-07-07 | CVE-2004-0488 | Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. | Http_server, Debian_linux, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
| 2004-08-06 | CVE-2004-0493 | The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. | Http_server, Converged_communications_server, S8300, S8500, S8700, Linux, Http_server, Secure_linux | N/A | ||
| 2004-09-16 | CVE-2004-0809 | The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. | Http_server, Debian_linux, Linux, Hp\-Ux, Secure_web_server_for_tru64, Mandrake_linux, Enterprise_linux, Enterprise_linux_desktop, Secure_linux, Turbolinux_desktop, Turbolinux_home, Turbolinux_server | N/A | ||
| 2004-10-20 | CVE-2004-0786 | The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool. | Http_server | N/A | ||
| 2004-10-20 | CVE-2004-0751 | The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). | Http_server | N/A | ||
| 2004-10-20 | CVE-2004-0748 | mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop. | Http_server | N/A | ||
| 2004-11-03 | CVE-2004-0885 | The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | Http_server | N/A | ||
| 2004-12-31 | CVE-2004-0811 | Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. | Http_server | N/A | ||
| 2005-02-09 | CVE-2004-0942 | Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters. | Http_server | N/A |