Filtered by vendor Apache
Subscriptions
Total
2824 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0185 | 2 Apache, Redhat | 2 Mod Python, Linux | 2026-04-16 | N/A |
| mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module. | ||||
| CVE-2004-0751 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2026-04-16 | N/A |
| The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). | ||||
| CVE-2004-0096 | 2 Apache, Redhat | 3 Mod Python, Enterprise Linux, Linux | 2026-04-16 | N/A |
| Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973. | ||||
| CVE-2003-0045 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. | ||||
| CVE-2006-0743 | 1 Apache | 1 Log4net | 2026-04-16 | N/A |
| Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | ||||
| CVE-1999-0926 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. | ||||
| CVE-2003-0134 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names. | ||||
| CVE-1999-0045 | 2 Apache, Netscape | 4 Http Server, Commerce Server, Communications Server and 1 more | 2026-04-16 | N/A |
| List of arbitrary files on Web host via nph-test-cgi script. | ||||
| CVE-2000-0869 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2026-04-16 | N/A |
| The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. | ||||
| CVE-2003-0132 | 2 Apache, Redhat | 2 Http Server, Linux | 2026-04-16 | N/A |
| A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed. | ||||
| CVE-2005-1268 | 3 Apache, Debian, Redhat | 6 Http Server, Debian Linux, Enterprise Linux and 3 more | 2026-04-16 | N/A |
| Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||||
| CVE-2003-1172 | 1 Apache | 1 Cocoon | 2026-04-16 | N/A |
| Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2005-3164 | 2 Apache, Hitachi | 2 Tomcat, Cosminexus Application Server | 2026-04-16 | N/A |
| The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. | ||||
| CVE-2000-1205 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant. | ||||
| CVE-2001-0731 | 2 Apache, Redhat | 3 Http Server, Linux, Secure Web Server | 2026-04-16 | N/A |
| Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string. | ||||
| CVE-2005-2700 | 4 Apache, Canonical, Debian and 1 more | 6 Http Server, Ubuntu Linux, Debian Linux and 3 more | 2026-04-16 | N/A |
| ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. | ||||
| CVE-2003-0789 | 2 Apache, Redhat | 2 Http Server, Linux | 2026-04-16 | N/A |
| mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. | ||||
| CVE-1999-0107 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. | ||||
| CVE-2004-2343 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument | ||||
| CVE-2005-3351 | 2 Apache, Redhat | 2 Spamassassin, Enterprise Linux | 2026-04-16 | N/A |
| SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. | ||||