Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Http_server
(Apache)Repositories | https://github.com/apache/httpd |
#Vulnerabilities | 287 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
1997-01-01 | CVE-1999-0236 | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | Http_server, Ncsa_httpd | 7.5 | ||
1997-09-01 | CVE-1999-0071 | Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. | Http_server | N/A | ||
1997-12-30 | CVE-1999-0107 | Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. | Http_server | N/A | ||
1999-12-12 | CVE-1999-0289 | The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | Http_server | N/A | ||
2022-06-09 | CVE-2022-28330 | Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. | Http_server | 5.3 | ||
1999-06-03 | CVE-1999-1412 | A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | Http_server, Macos | N/A | ||
2001-12-31 | CVE-2001-1534 | mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. | Http_server | N/A | ||
1999-01-17 | CVE-1999-0678 | A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. | Http_server | N/A | ||
2001-12-31 | CVE-2001-1556 | The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. | Http_server | N/A | ||
1999-06-06 | CVE-1999-1237 | Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods. | Http_server | N/A |