National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Apache
There are 1,635 matching records.
Displaying matches 1601 through 1620.
Vuln ID Summary CVSS Severity
CVE-2001-1013

Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.

Published: September 12, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1072

Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.

Published: August 31, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0590

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).

Published: August 02, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1342

Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.

Published: May 12, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0108

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

Published: March 12, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0131

htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -05:00
    V2: 1.2 LOW
CVE-2001-0925

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

Published: March 12, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0042

PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.

Published: February 16, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Published: January 12, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-1168

IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2000-0913

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.

Published: December 19, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-1016

The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-0868

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.

Published: November 14, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-0869

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

Published: November 14, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-0883

The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.

Published: November 14, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-0759

Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.

Published: October 20, 2000; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM
CVE-2000-0760

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

Published: October 20, 2000; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM
CVE-2000-0791

Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.

Published: October 20, 2000; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2000-1204

Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.

Published: October 13, 2000; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2000-0628

The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.

Published: July 11, 2000; 12:00:00 AM -04:00
    V2: 7.5 HIGH