Apache

HTTP Server

301 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 16.26%
  • Published 09.06.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid u...

  • EPSS 85.32%
  • Published 09.06.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrate...

Exploit
  • EPSS 86.72%
  • Published 11.04.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

  • EPSS 6.52%
  • Published 11.04.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.

  • EPSS 11.12%
  • Published 02.04.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities relate...

  • EPSS 20.27%
  • Published 18.03.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

  • EPSS 45.03%
  • Published 07.02.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.

  • EPSS 4.36%
  • Published 07.02.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.

Exploit
  • EPSS 0.2%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which wou...

Exploit
  • EPSS 3.02%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock b...