Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2004-10-20 CVE-2004-0747 Incorrect Calculation of Buffer Size vulnerability in Apache Http Server
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
local
low complexity
apache CWE-131
7.8
2004-05-04 CVE-2004-0174 Improper Locking vulnerability in Apache Http Server
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
network
low complexity
apache CWE-667
7.5
2002-12-31 CVE-2002-1850 Improper Locking vulnerability in Apache Http Server 2.0.39/2.0.40
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
network
low complexity
apache CWE-667
7.5
2001-10-18 CVE-2001-0766 Improper Handling of Case Sensitivity vulnerability in Apache Http Server 1.3.14
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
network
low complexity
apache CWE-178
critical
9.8
1997-01-01 CVE-1999-0236 Information Exposure vulnerability in multiple products
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
network
low complexity
apache illinois CWE-200
7.5