National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Apache
There are 1,572 matching records.
Displaying matches 1541 through 1560.
Vuln ID Summary CVSS Severity
CVE-2001-1342

Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.

Published: May 12, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0108

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0131

htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0925

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0042

PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Published: January 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-1168

IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Published: January 09, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2000-0913

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.

Published: December 19, 2000; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-1016

The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.

Published: December 11, 2000; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-0868

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.

Published: November 14, 2000; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-0869

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

Published: November 14, 2000; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-0883

The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.

Published: November 14, 2000; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-0759

Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.

Published: October 20, 2000; 12:00:00 AM -04:00
V2: 6.4 MEDIUM
CVE-2000-0760

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

Published: October 20, 2000; 12:00:00 AM -04:00
V2: 6.4 MEDIUM
CVE-2000-0791

Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.

Published: October 20, 2000; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2000-1204

Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.

Published: October 13, 2000; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2000-0628

The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.

Published: July 11, 2000; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2000-0505

The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.

Published: May 31, 2000; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2000-1205

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.

Published: February 01, 2000; 12:00:00 AM -05:00
V2: 4.3 MEDIUM
CVE-1999-1293

mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.

Published: December 31, 1999; 12:00:00 AM -05:00
V2: 10.0 HIGH