Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Http_server
(Apache)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 287 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2001-10-30 | CVE-2001-0730 | split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. | Http_server | N/A | ||
| 2001-10-30 | CVE-2001-0729 | Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters. | Http_server | N/A | ||
| 2003-04-11 | CVE-2003-0132 | A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed. | Http_server | N/A | ||
| 2003-06-09 | CVE-2003-0245 | Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors. | Http_server | N/A | ||
| 2002-08-12 | CVE-2002-0661 | Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters. | Http_server | N/A | ||
| 2003-11-03 | CVE-2003-0542 | Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. | Http_server | N/A | ||
| 2002-09-05 | CVE-2002-0654 | Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. | Http_server | N/A | ||
| 2003-06-09 | CVE-2003-0189 | The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used. | Http_server | N/A | ||
| 2003-08-27 | CVE-2003-0460 | The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service. | Http_server | N/A | ||
| 2002-10-11 | CVE-2002-0843 | Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | Http_server, Application_server, Database_server, Oracle8i | N/A |