Filtered by vendor Apache
Subscriptions
Total
2894 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1344 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | ||||
| CVE-2002-1895 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. | ||||
| CVE-2000-1206 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files. | ||||
| CVE-2002-1850 | 1 Apache | 1 Http Server | 2026-04-16 | 7.5 High |
| mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script. | ||||
| CVE-2004-0885 | 2 Apache, Redhat | 6 Http Server, Enterprise Linux, Network Proxy and 3 more | 2026-04-16 | N/A |
| The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | ||||
| CVE-2004-0940 | 7 Apache, Hp, Openpkg and 4 more | 9 Http Server, Hp-ux, Openpkg and 6 more | 2026-04-16 | 7.8 High |
| Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | ||||
| CVE-2000-0672 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. | ||||
| CVE-2001-0925 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2026-04-16 | N/A |
| The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | ||||
| CVE-2004-2343 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument | ||||
| CVE-2006-3747 | 3 Apache, Canonical, Debian | 3 Http Server, Ubuntu Linux, Debian Linux | 2026-04-16 | N/A |
| Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. | ||||
| CVE-2005-4838 | 2 Apache, Redhat | 3 Tomcat, Network Satellite, Rhel Application Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. | ||||
| CVE-1999-0236 | 2 Apache, Illinois | 2 Http Server, Ncsa Httpd | 2026-04-16 | 7.5 High |
| ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | ||||
| CVE-2004-0811 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. | ||||
| CVE-2001-1072 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. | ||||
| CVE-2006-2806 | 1 Apache | 1 James | 2026-04-16 | N/A |
| The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. | ||||
| CVE-2004-0179 | 4 Apache, Debian, Redhat and 1 more | 7 Openoffice, Subversion, Debian Linux and 4 more | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code. | ||||
| CVE-2004-2650 | 1 Apache | 1 James | 2026-04-16 | N/A |
| Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak. | ||||
| CVE-2005-4703 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto. | ||||
| CVE-2005-0088 | 2 Apache, Redhat | 2 Mod Python, Enterprise Linux | 2026-04-16 | N/A |
| The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL. | ||||
| CVE-2000-0760 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. | ||||