CVE-2002-2029
- EPSS 24.6%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:00:31
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
- EPSS 6.06%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:00:39
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
CVE-2002-2272
- EPSS 9.68%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:00:59
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values...
CVE-2002-1233
- EPSS 0.56%
- Veröffentlicht 04.11.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:58
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack ...
CVE-2002-0839
- EPSS 0.94%
- Veröffentlicht 11.10.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:14
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that...
CVE-2002-0840
- EPSS 94.01%
- Veröffentlicht 11.10.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:14
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web pag...
CVE-2002-0843
- EPSS 21.42%
- Veröffentlicht 11.10.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:14
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
- EPSS 13.46%
- Veröffentlicht 11.10.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:49
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
- EPSS 7.04%
- Veröffentlicht 25.09.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:37
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
- EPSS 58.68%
- Veröffentlicht 05.09.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:57:52
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that o...