National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:apache:http_server
There are 248 matching records.
Displaying matches 241 through 248.
Vuln ID Summary CVSS Severity

A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

Published: January 17, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM

Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.

Published: August 07, 1998; 12:00:00 AM -04:00
    V2: 10.0 HIGH

Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.

Published: December 30, 1997; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

Published: September 01, 1997; 12:00:00 AM -04:00
    V2: 7.5 HIGH

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

Published: January 01, 1997; 12:00:00 AM -05:00
    V2: 10.0 HIGH

List of arbitrary files on Web host via nph-test-cgi script.

Published: December 10, 1996; 12:00:00 AM -05:00
    V2: 7.5 HIGH

test-cgi program allows an attacker to list files on the server.

Published: April 01, 1996; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM

phf CGI program allows remote command execution through shell metacharacters.

Published: March 20, 1996; 12:00:00 AM -05:00
    V2: 10.0 HIGH