Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:apache:http_server:2.2.20
There are 68 matching records.
Displaying matches 61 through 68.
Vuln ID Summary CVSS Severity
CVE-2001-1556

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

Published: December 31, 2001; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-0131

htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 1.2 LOW
CVE-1999-0289

The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.

Published: December 12, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-1237

Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.

Published: June 06, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-1999-1412

A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.

Published: June 03, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-1999-0678

A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

Published: January 17, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-0236

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

Published: January 01, 1997; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-1999-0070

test-cgi program allows an attacker to list files on the server.

Published: April 01, 1996; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM