National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Apache
There are 1,708 matching records.
Displaying matches 1541 through 1560.
Vuln ID Summary CVSS Severity
CVE-2005-2090

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Published: July 05, 2005; 12:00:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2005-1266

Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.

Published: June 15, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-0808

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-1344

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-0508

Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."

Published: March 14, 2005; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2004-0940

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

Published: February 09, 2005; 12:00:00 AM -05:00
    V2: 6.9 MEDIUM
CVE-2004-0942

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.

Published: February 09, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2005-0108

Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.

Published: January 11, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2005-0182

The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.

Published: January 06, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-0811

Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2004-1387

The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2004-1404

Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2004-1405

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2004-1438

The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2004-1545

UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-1765

Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2004-2115

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2004-2336

Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-2343

** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2004-2650

Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 4.9 MEDIUM