Apache

HTTP Server

330 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 3.3%
  • Veröffentlicht 20.06.2007 22:30:00
  • Zuletzt bearbeitet 16.06.2026 22:41:27

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the m...

  • EPSS 5.33%
  • Veröffentlicht 04.06.2007 23:30:00
  • Zuletzt bearbeitet 16.06.2026 22:38:26

The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentiall...

  • EPSS 0.69%
  • Veröffentlicht 13.04.2007 17:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:13

suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated u...

  • EPSS 0.7%
  • Veröffentlicht 13.04.2007 17:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:13

suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the...

  • EPSS 0.52%
  • Veröffentlicht 13.04.2007 16:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:12

Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE...

  • EPSS 90.77%
  • Veröffentlicht 16.03.2007 22:19:00
  • Zuletzt bearbeitet 16.06.2026 22:35:35

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence...

  • EPSS 9.62%
  • Veröffentlicht 05.01.2007 18:28:00
  • Zuletzt bearbeitet 16.06.2026 22:34:53

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOT...

  • EPSS 15.86%
  • Veröffentlicht 16.10.2006 19:07:00
  • Zuletzt bearbeitet 16.06.2026 22:28:31

Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core...

Exploit
  • EPSS 37.37%
  • Veröffentlicht 14.08.2006 20:04:00
  • Zuletzt bearbeitet 16.06.2026 22:28:26

Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file...

  • EPSS 96.44%
  • Veröffentlicht 28.07.2006 18:02:00
  • Zuletzt bearbeitet 16.06.2026 22:27:43

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (applica...