Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apache Subscribe
Filtered by product Http Server
Total 289 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1580 1 Apache 1 Http Server 2010-02-07 4.3 MEDIUM N/A
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVE-2005-1344 1 Apache 1 Http Server 2008-09-10 7.5 HIGH N/A
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
CVE-1999-0067 2 Apache, Ncsa 2 Http Server, Ncsa Httpd 2008-09-09 10.0 HIGH N/A
phf CGI program allows remote command execution through shell metacharacters.
CVE-2002-2012 1 Apache 1 Http Server 2008-09-05 5.0 MEDIUM N/A
Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
CVE-2002-2029 1 Apache 1 Http Server 2008-09-05 7.5 HIGH N/A
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
CVE-2002-2103 1 Apache 1 Http Server 2008-09-05 5.0 MEDIUM N/A
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
CVE-2001-0766 1 Apache 1 Http Server 2008-09-05 7.5 HIGH N/A
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
CVE-1999-1053 2 Apache, Matt Wright 2 Http Server, Matt Wright Guestbook 2008-09-05 7.5 HIGH N/A cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
CVE-1999-0926 1 Apache 1 Http Server 2008-09-05 10.0 HIGH N/A
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.