National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Apache
There are 1,635 matching records.
Displaying matches 1481 through 1500.
Vuln ID Summary CVSS Severity
CVE-2004-1438

The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2004-1545

UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-1765

Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2004-2115

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2004-2336

Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-2343

** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2004-2650

Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 4.9 MEDIUM
CVE-2004-2680

mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-2734

webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2004-0646

Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.

Published: December 23, 2004; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2004-1083

Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.

Published: December 03, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-1084

Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.

Published: December 02, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-0263

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

Published: November 23, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-0885

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

Published: November 03, 2004; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2004-0747

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.

Published: October 20, 2004; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2004-0748

mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.

Published: October 20, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2004-0751

The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).

Published: October 20, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2004-0786

The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.

Published: October 20, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2004-0809

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

Published: September 16, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2004-0490

cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.

Published: August 18, 2004; 12:00:00 AM -04:00
    V2: 7.2 HIGH