U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 55 matching records.
Displaying matches 41 through 55.
Vuln ID Summary CVSS Severity
CVE-2005-3352

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

Published: December 13, 2005; 3:03:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2004-0942

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.

Published: February 09, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-2343

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument

Published: December 31, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2004-0263

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

Published: November 23, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-0174

Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."

Published: May 04, 2004; 12:00:00 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2004-0173

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2003-0987

mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.

Published: March 03, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-0460

The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.

Published: August 27, 2003; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-0392

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.

Published: July 03, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0061

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.

Published: March 21, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-1999-1293

mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.

Published: December 31, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-1999-0926

Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.

Published: September 03, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-1999-1199

Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.

Published: August 07, 1998; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-1999-0107

Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.

Published: December 30, 1997; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-0070

test-cgi program allows an attacker to list files on the server.

Published: April 01, 1996; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM