Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Http_server
(Apache)Repositories | https://github.com/apache/httpd |
#Vulnerabilities | 287 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
1997-12-30 | CVE-1999-0107 | Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. | Http_server | N/A | ||
1999-12-12 | CVE-1999-0289 | The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | Http_server | N/A | ||
2022-06-09 | CVE-2022-28330 | Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. | Http_server | 5.3 | ||
1999-06-03 | CVE-1999-1412 | A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | Http_server, Macos | N/A | ||
2001-12-31 | CVE-2001-1534 | mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. | Http_server | N/A | ||
1999-01-17 | CVE-1999-0678 | A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. | Http_server | N/A | ||
2001-12-31 | CVE-2001-1556 | The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. | Http_server | N/A | ||
1999-06-06 | CVE-1999-1237 | Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods. | Http_server | N/A | ||
2018-09-25 | CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. | Http_server, Ubuntu_linux, Storage_automation_store, Enterprise_manager_ops_center, Hospitality_guest_access, Instantis_enterprisetrack, Retail_xstore_point_of_service, Secure_global_desktop, Enterprise_linux | 5.9 | ||
2012-03-19 | CVE-2012-1181 | fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit. | Http_server, Mod_fcgid | N/A |