National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:apache:http_server:2.0.46
There are 69 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2007-6388

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 08, 2008; 01:46:00 PM -05:00
V2: 4.3 MEDIUM
CVE-2007-5000

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: December 13, 2007; 01:46:00 PM -05:00
V2: 4.3 MEDIUM
CVE-2007-6203

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

Published: December 03, 2007; 05:46:00 PM -05:00
V2: 4.3 MEDIUM
CVE-2007-4465

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.

Published: September 13, 2007; 08:17:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2006-4154

Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.

Published: October 16, 2006; 03:07:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2006-3747

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

Published: July 28, 2006; 02:02:00 PM -04:00
V2: 7.6 HIGH
CVE-2005-3357

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

Published: December 31, 2005; 12:00:00 AM -05:00
V2: 5.4 MEDIUM
CVE-2005-3352

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

Published: December 13, 2005; 03:03:00 PM -05:00
V2: 4.3 MEDIUM
CVE-2005-2700

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Published: September 06, 2005; 07:03:00 PM -04:00
V2: 10.0 HIGH
CVE-2005-2728

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.

Published: August 30, 2005; 07:45:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Published: July 05, 2005; 12:00:00 AM -04:00
V2: 4.3 MEDIUM
CVE-2004-0942

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.

Published: February 09, 2005; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2004-2343

** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.

Published: December 31, 2004; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2004-0263

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

Published: November 23, 2004; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2004-0885

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

Published: November 03, 2004; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2004-0747

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.

Published: October 20, 2004; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2004-0748

mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.

Published: October 20, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-0751

The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).

Published: October 20, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-0786

The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.

Published: October 20, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-0488

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

Published: July 07, 2004; 12:00:00 AM -04:00
V2: 7.5 HIGH