National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Apache
There are 1,447 matching records.
Displaying matches 1421 through 1440.
Vuln ID Summary CVSS Severity
CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Published: January 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-1168

IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Published: January 09, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2000-0913

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.

Published: December 19, 2000; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-1016

The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.

Published: December 11, 2000; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-0868

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.

Published: November 14, 2000; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-0869

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

Published: November 14, 2000; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-0883

The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.

Published: November 14, 2000; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-0759

Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.

Published: October 20, 2000; 12:00:00 AM -04:00
V2: 6.4 MEDIUM
CVE-2000-0760

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

Published: October 20, 2000; 12:00:00 AM -04:00
V2: 6.4 MEDIUM
CVE-2000-0791

Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.

Published: October 20, 2000; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2000-1204

Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.

Published: October 13, 2000; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2000-0628

The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.

Published: July 11, 2000; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2000-0505

The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.

Published: May 31, 2000; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2000-1205

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.

Published: February 01, 2000; 12:00:00 AM -05:00
V2: 4.3 MEDIUM
CVE-1999-1293

mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.

Published: December 31, 1999; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-1999-0289

The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.

Published: December 12, 1999; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-1999-1053

guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

Published: September 13, 1999; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-1999-0926

Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.

Published: September 03, 1999; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2000-1206

Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.

Published: August 20, 1999; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-1999-1237

Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.

Published: June 06, 1999; 12:00:00 AM -04:00
V2: 10.0 HIGH