Apache

HTTP Server

330 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 15.46%
  • Veröffentlicht 16.09.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:06:25

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

  • EPSS 33.64%
  • Veröffentlicht 06.08.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:05:44

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes...

Exploit
  • EPSS 84.78%
  • Veröffentlicht 06.08.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:05:44

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header...

  • EPSS 37.68%
  • Veröffentlicht 07.07.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:05:43

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subje...

  • EPSS 11.55%
  • Veröffentlicht 04.05.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:05:05

Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listeni...

Exploit
  • EPSS 15.76%
  • Veröffentlicht 15.04.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:05:05

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

  • EPSS 9.74%
  • Veröffentlicht 29.03.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:03:19

mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.

  • EPSS 9.9%
  • Veröffentlicht 29.03.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:04:57

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.

Exploit
  • EPSS 3.5%
  • Veröffentlicht 20.03.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:08:29

mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.

  • EPSS 5.56%
  • Veröffentlicht 03.03.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:03:18

mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.