Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Http_server
(Apache)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 296 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2005-02-09 | CVE-2004-0940 | Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | Http_server, Hp\-Ux, Openpkg, Slackware_linux, Suse_linux, Secure_linux | 7.8 | ||
| 1996-03-20 | CVE-1999-0067 | phf CGI program allows remote command execution through shell metacharacters. | Http_server, Ncsa_httpd | N/A | ||
| 2002-03-21 | CVE-2002-0061 | Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. | Http_server | N/A | ||
| 2008-08-06 | CVE-2008-2939 | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | Http_server, Mac_os_x, Ubuntu_linux, Opensuse | N/A | ||
| 2005-12-13 | CVE-2005-3352 | Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. | Http_server | N/A | ||
| 2015-07-20 | CVE-2015-3183 | The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c. | Http_server | N/A | ||
| 2002-07-03 | CVE-2002-0392 | Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. | Http_server, Debian_linux | N/A | ||
| 1996-04-01 | CVE-1999-0070 | test-cgi program allows an attacker to list files on the server. | Http_server | N/A | ||
| 1998-08-07 | CVE-1999-1199 | Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. | Http_server | N/A | ||
| 1999-08-20 | CVE-2000-1206 | Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files. | Http_server | N/A |