Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Http Server
Total 312 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0245 1 Apache 1 Http Server 2025-04-03 5.0 MEDIUM N/A
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
CVE-2004-1082 8 Apache, Apple, Avaya and 5 more 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more 2025-04-03 7.5 HIGH N/A
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
CVE-2001-0925 2 Apache, Debian 2 Http Server, Debian Linux 2025-04-03 5.0 MEDIUM N/A
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
CVE-2000-0505 2 Apache, Ibm 2 Http Server, Http Server 2025-04-03 5.0 MEDIUM N/A
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
CVE-2004-0174 1 Apache 1 Http Server 2025-04-03 5.0 MEDIUM 7.5 HIGH
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
CVE-2002-1156 1 Apache 1 Http Server 2025-04-03 5.0 MEDIUM N/A
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
CVE-2003-0016 1 Apache 1 Http Server 2025-04-03 7.5 HIGH N/A
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
CVE-2003-0020 1 Apache 1 Http Server 2025-04-03 5.0 MEDIUM N/A
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
CVE-2000-0868 2 Apache, Suse 2 Http Server, Suse Linux 2025-04-03 5.0 MEDIUM N/A
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
CVE-1999-1293 1 Apache 1 Http Server 2025-04-03 10.0 HIGH N/A
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
CVE-2001-1556 1 Apache 1 Http Server 2025-04-03 5.0 MEDIUM N/A
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
CVE-2001-0766 2 Apache, Apple 2 Http Server, Mac Os X 2025-04-03 7.5 HIGH 9.8 CRITICAL
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
CVE-2001-1449 2 Apache, Mandrakesoft 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more 2025-04-03 7.5 HIGH N/A
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
CVE-2001-1072 1 Apache 1 Http Server 2025-04-03 5.0 MEDIUM N/A
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
CVE-2002-1850 1 Apache 1 Http Server 2025-04-03 5.0 MEDIUM 7.5 HIGH
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
CVE-2004-0173 1 Apache 1 Http Server 2025-04-03 5.0 MEDIUM N/A
Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
CVE-2004-0492 5 Apache, Hp, Ibm and 2 more 7 Http Server, Virtualvault, Vvos and 4 more 2025-04-03 10.0 HIGH N/A
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
CVE-2004-1834 1 Apache 1 Http Server 2025-04-03 2.1 LOW N/A
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
CVE-2005-2088 2 Apache, Debian 2 Http Server, Debian Linux 2025-04-03 4.3 MEDIUM N/A
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVE-2002-1593 1 Apache 1 Http Server 2025-04-03 5.0 MEDIUM N/A
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.