Filtered by vendor Apache
Subscriptions
Total
2672 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4849 | 1 Apache | 1 Derby | 2025-04-03 | N/A |
| Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2002-2009 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
| Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message. | ||||
| CVE-1999-0067 | 2 Apache, Ncsa | 2 Http Server, Ncsa Httpd | 2025-04-03 | N/A |
| phf CGI program allows remote command execution through shell metacharacters. | ||||
| CVE-2000-0913 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. | ||||
| CVE-2005-4703 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
| Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto. | ||||
| CVE-2004-2680 | 1 Apache | 1 Mod Python | 2025-04-03 | N/A |
| mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory. | ||||
| CVE-2004-1387 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2001-0042 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences. | ||||
| CVE-2004-1082 | 8 Apache, Apple, Avaya and 5 more | 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more | 2025-04-03 | N/A |
| mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | ||||
| CVE-2004-0942 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2025-04-03 | N/A |
| Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters. | ||||
| CVE-2002-2272 | 1 Apache | 2 Http Server, Tomcat | 2025-04-03 | N/A |
| Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. | ||||
| CVE-2004-0940 | 7 Apache, Hp, Openpkg and 4 more | 9 Http Server, Hp-ux, Openpkg and 6 more | 2025-04-03 | 7.8 High |
| Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | ||||
| CVE-1999-0045 | 2 Apache, Netscape | 4 Http Server, Commerce Server, Communications Server and 1 more | 2025-04-03 | N/A |
| List of arbitrary files on Web host via nph-test-cgi script. | ||||
| CVE-2000-1210 | 1 Apache | 1 Tomcat | 2025-04-03 | N/A |
| Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp. | ||||
| CVE-2005-4838 | 2 Apache, Redhat | 3 Tomcat, Network Satellite, Rhel Application Server | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. | ||||
| CVE-2002-1593 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module. | ||||
| CVE-1999-1412 | 2 Apache, Apple | 2 Http Server, Macos | 2025-04-03 | N/A |
| A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | ||||
| CVE-2003-0134 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names. | ||||
| CVE-2006-0254 | 2 Apache, Redhat | 3 Geronimo, Network Satellite, Rhel Application Server | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. | ||||
| CVE-2004-0809 | 8 Apache, Debian, Gentoo and 5 more | 12 Http Server, Debian Linux, Linux and 9 more | 2025-04-03 | N/A |
| The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. | ||||