Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Http_server
(Apache)Repositories | https://github.com/apache/httpd |
#Vulnerabilities | 287 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2002-12-31 | CVE-2002-2103 | Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities. | Http_server | N/A | ||
2002-12-31 | CVE-2002-2029 | PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string. | Http_server | N/A | ||
2002-12-31 | CVE-2002-2012 | Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request. | Http_server | N/A | ||
2002-12-31 | CVE-2002-1658 | Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | Http_server | N/A | ||
2002-11-04 | CVE-2002-1233 | A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. | Http_server | N/A | ||
2002-05-29 | CVE-2002-0257 | Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. | Http_server, Makebid_auction_deluxe | N/A | ||
2002-05-29 | CVE-2002-0249 | PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. | Http_server | N/A | ||
2002-05-29 | CVE-2002-0240 | PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. | Http_server | N/A | ||
2001-11-28 | CVE-2001-1449 | The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | Http_server, Mandrake_linux, Mandrake_linux_corporate_server, Mandrake_single_network_firewall | N/A | ||
2001-08-31 | CVE-2001-1072 | Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. | Http_server | N/A |