Filtered by vendor Apache
Subscriptions
Total
2549 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0493 | 6 Apache, Avaya, Gentoo and 3 more | 9 Http Server, Converged Communications Server, S8300 and 6 more | 2025-04-03 | N/A |
| The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. | ||||
| CVE-2006-1095 | 1 Apache | 1 Mod Python | 2025-04-03 | N/A |
| Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. | ||||
| CVE-2003-0987 | 2 Apache, Redhat | 4 Http Server, Enterprise Linux, Rhel Stronghold and 1 more | 2025-04-03 | N/A |
| mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. | ||||
| CVE-2002-0392 | 3 Apache, Debian, Redhat | 7 Http Server, Debian Linux, Enterprise Linux and 4 more | 2025-04-03 | N/A |
| Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. | ||||
| CVE-2003-0973 | 2 Apache, Redhat | 3 Mod Python, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string. | ||||
| CVE-2006-0743 | 1 Apache | 1 Log4net | 2025-04-03 | N/A |
| Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | ||||
| CVE-2000-0672 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
| The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. | ||||
| CVE-2003-0866 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
| The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests. | ||||
| CVE-2000-0759 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
| Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path. | ||||
| CVE-2002-0257 | 2 Apache, Usanet Creations | 2 Http Server, Makebid Auction Deluxe | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. | ||||
| CVE-2006-3918 | 4 Apache, Canonical, Debian and 1 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2025-04-03 | N/A |
| http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. | ||||
| CVE-2003-0789 | 2 Apache, Redhat | 2 Http Server, Linux | 2025-04-03 | N/A |
| mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. | ||||
| CVE-1999-0926 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. | ||||
| CVE-2002-0249 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. | ||||
| CVE-2002-0061 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. | ||||
| CVE-2003-1418 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). | ||||
| CVE-2006-0042 | 2 Apache, Debian | 2 Libapreq2, Debian Linux | 2025-04-03 | N/A |
| Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity. | ||||
| CVE-2003-0254 | 2 Apache, Redhat | 2 Http Server, Linux | 2025-04-03 | N/A |
| Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket. | ||||
| CVE-2000-1210 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
| Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp. | ||||
| CVE-2005-1268 | 3 Apache, Debian, Redhat | 6 Http Server, Debian Linux, Enterprise Linux and 3 more | 2025-04-03 | N/A |
| Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||||