Note: This project will be discontinued after December 13, 2021.

Product: Http_server (Apache)

Repositories | https://github.com/apache/httpd |
#Vulnerabilities | 296 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2002-10-11 | CVE-2002-1156 | Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled. | Http_server | N/A | ||
2002-10-11 | CVE-2002-0840 | Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. | Http_server, Application_server, Database_server, Oracle8i, Oracle9i | N/A | ||
2001-10-01 | CVE-2001-0731 | Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string. | Http_server | N/A | ||
2003-02-07 | CVE-2003-0016 | Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names. | Http_server | N/A | ||
2001-10-30 | CVE-2001-0730 | split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. | Http_server | N/A | ||
2001-10-30 | CVE-2001-0729 | Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters. | Http_server | N/A | ||
2003-04-11 | CVE-2003-0132 | A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed. | Http_server | N/A | ||
2003-06-09 | CVE-2003-0245 | Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors. | Http_server | N/A | ||
2002-08-12 | CVE-2002-0661 | Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters. | Http_server | N/A | ||
2003-11-03 | CVE-2003-0542 | Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. | Http_server | N/A | ||