Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-2007 | Information Disclosure vulnerability in Apache Tomcat 3.2.3/3.2.4 The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages. | 5.0 |
| 2002-12-31 | CVE-2002-1850 | Improper Locking vulnerability in Apache Http Server 2.0.39/2.0.40 mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script. | 7.5 |
| 2002-12-31 | CVE-2002-1658 | Buffer Overflow vulnerability in Multiple Apache HTDigest Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. | 4.6 |
| 2002-11-04 | CVE-2002-1233 | Unspecified vulnerability in Apache Http Server A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. | 2.6 |
| 2002-05-29 | CVE-2002-0257 | Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. | 7.5 |
| 2002-05-29 | CVE-2002-0249 | Path Disclosure vulnerability in Apache Http Server 2.0.28 PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. | 5.0 |
| 2002-05-29 | CVE-2002-0240 | Path Disclosure vulnerability in Apache Http Server 2.0.28 PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. | 5.0 |
| 2002-05-16 | CVE-2002-0185 | Unspecified vulnerability in Apache MOD Python mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module. | 7.5 |
| 2002-03-22 | CVE-2000-1210 | Directory Traversal vulnerability in Apache Tomcat 1.1.3/3.0/3.1 Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2001-12-31 | CVE-2001-1563 | Remote Security vulnerability in Tomcat Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. | 7.5 |