Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Http_server
(Apache)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 287 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-08-14 | CVE-2006-4110 | Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. | Http_server | N/A | ||
| 2005-05-02 | CVE-2005-1344 | Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | Http_server | N/A | ||
| 2004-12-31 | CVE-2004-1387 | The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | Http_server | N/A | ||
| 2004-02-03 | CVE-2004-1082 | mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | Http_server, Apache_mod_digest_apple, Communication_manager, Intuity_audix_lx, Mn100, Modular_messaging_message_storage_server, Network_routing, Virtualvault, Webproxy, Http_server, Openbsd, Openserver, Solaris, Sunos | N/A | ||
| 2004-11-23 | CVE-2004-0263 | PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. | Http_server, Http_server | N/A | ||
| 2004-04-15 | CVE-2004-0173 | Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. | Http_server | N/A | ||
| 2010-02-05 | CVE-2003-1581 | The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | Http_server | N/A | ||
| 2010-02-05 | CVE-2003-1580 | The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | Http_server | N/A | ||
| 2003-12-31 | CVE-2003-1418 | Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). | Http_server | N/A | ||
| 2002-12-31 | CVE-2002-2272 | Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. | Http_server, Tomcat | N/A |