National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Apache
There are 1,635 matching records.
Displaying matches 1461 through 1480.
Vuln ID Summary CVSS Severity
CVE-2005-3164

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Published: October 06, 2005; 06:02:00 AM -04:00
    V2: 2.6 LOW
CVE-2005-2660

apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.

Published: September 30, 2005; 03:10:00 PM -04:00
    V2: 2.1 LOW
CVE-2005-2700

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Published: September 06, 2005; 07:03:00 PM -04:00
    V2: 10.0 HIGH
CVE-2005-2728

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.

Published: August 30, 2005; 07:45:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-2491

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

Published: August 23, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-1268

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

Published: August 05, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Published: July 05, 2005; 12:00:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2005-2090

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Published: July 05, 2005; 12:00:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2005-1266

Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.

Published: June 15, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-0808

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-1344

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-0508

Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."

Published: March 14, 2005; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2004-0940

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

Published: February 09, 2005; 12:00:00 AM -05:00
    V2: 6.9 MEDIUM
CVE-2004-0942

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.

Published: February 09, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2005-0108

Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.

Published: January 11, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2005-0182

The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.

Published: January 06, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-0811

Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2004-1387

The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2004-1404

Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2004-1405

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 7.5 HIGH