Search Results (353 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1593 1 Apache 1 Http Server 2026-04-16 N/A
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
CVE-2004-0113 2 Apache, Redhat 3 Http Server, Enterprise Linux, Linux 2026-04-16 N/A
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
CVE-2005-2088 3 Apache, Debian, Redhat 3 Http Server, Debian Linux, Enterprise Linux 2026-04-16 N/A
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVE-1999-0071 1 Apache 1 Http Server 2026-04-16 N/A
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
CVE-2004-1834 2 Apache, Redhat 2 Http Server, Enterprise Linux 2026-04-16 N/A
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
CVE-2005-2728 2 Apache, Redhat 2 Http Server, Enterprise Linux 2026-04-16 N/A
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
CVE-1999-0070 1 Apache 1 Http Server 2026-04-16 N/A
test-cgi program allows an attacker to list files on the server.
CVE-2002-1156 1 Apache 1 Http Server 2026-04-16 N/A
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
CVE-2003-1307 1 Apache 1 Http Server 2026-04-16 N/A
The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.
CVE-2002-1233 1 Apache 1 Http Server 2026-04-16 N/A
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
CVE-2006-3918 4 Apache, Canonical, Debian and 1 more 9 Http Server, Ubuntu Linux, Debian Linux and 6 more 2026-04-16 N/A
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
CVE-2002-0061 1 Apache 1 Http Server 2026-04-16 N/A
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
CVE-2004-0748 2 Apache, Redhat 2 Http Server, Enterprise Linux 2026-04-16 N/A
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
CVE-2004-0747 2 Apache, Redhat 2 Http Server, Enterprise Linux 2026-04-16 7.8 High
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
CVE-2004-0885 2 Apache, Redhat 6 Http Server, Enterprise Linux, Network Proxy and 3 more 2026-04-16 N/A
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
CVE-2003-0987 2 Apache, Redhat 4 Http Server, Enterprise Linux, Rhel Stronghold and 1 more 2026-04-16 N/A
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
CVE-2002-0843 3 Apache, Oracle, Redhat 8 Http Server, Application Server, Database Server and 5 more 2026-04-16 N/A
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
CVE-2004-0488 3 Apache, Debian, Redhat 8 Http Server, Debian Linux, Enterprise Linux and 5 more 2026-04-16 N/A
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
CVE-2001-1534 1 Apache 1 Http Server 2026-04-16 N/A
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
CVE-2005-1344 1 Apache 1 Http Server 2026-04-16 N/A
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.