U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:apache:http_server:2.0.48
There are 87 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2007-1863

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

Published: June 27, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-3304

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

Published: June 20, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2006-4154

Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.

Published: October 16, 2006; 3:07:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-3747

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

Published: July 28, 2006; 2:02:00 PM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2005-3357

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

Published: December 31, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2005-3352

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

Published: December 13, 2005; 3:03:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2005-2970

Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.

Published: October 25, 2005; 1:06:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2005-2700

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Published: September 06, 2005; 7:03:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2005-2728

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.

Published: August 30, 2005; 7:45:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2005-1268

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

Published: August 05, 2005; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Published: July 05, 2005; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2004-0942

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.

Published: February 09, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-0263

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

Published: November 23, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-0885

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

Published: November 03, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2004-0747

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.

Published: October 20, 2004; 12:00:00 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2004-0748

mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.

Published: October 20, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-0751

The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).

Published: October 20, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-0786

The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.

Published: October 20, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-0809

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

Published: September 16, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-0493

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.

Published: August 06, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM