Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-11-23 | CVE-2004-0263 | PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. | 5.0 |
| 2004-04-15 | CVE-2004-0173 | Directory Traversal vulnerability in Apache Cygwin Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. | 5.0 |
| 2004-03-03 | CVE-2004-0096 | Unspecified vulnerability in Apache MOD Python 2.7.9 Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973. | 5.0 |
| 2003-12-31 | CVE-2003-1418 | Information Exposure vulnerability in Apache Http Server Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). | 4.3 |
| 2003-12-31 | CVE-2003-1172 | Directory Traversal vulnerability in Apache Cocoon 2.1/2.1.2/2.2 Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. | 5.0 |
| 2003-12-15 | CVE-2003-0973 | Unspecified vulnerability in Apache MOD Python Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string. | 5.0 |
| 2003-02-07 | CVE-2003-0045 | Denial-Of-Service vulnerability in Tomcat Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. | 5.0 |
| 2003-02-07 | CVE-2003-0044 | Cross-Site Scripting vulnerability in Apache Tomcat Example Web Application Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. network apache | 6.8 |
| 2003-02-07 | CVE-2003-0043 | Unspecified vulnerability in Apache Tomcat Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. | 5.0 |
| 2003-02-07 | CVE-2003-0042 | Unspecified vulnerability in Apache Tomcat Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. | 5.0 |