Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-12-31 | CVE-2001-1556 | Remote Security vulnerability in Apache The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. | 5.0 |
| 2001-12-06 | CVE-2001-0829 | Cross-Site Scripting vulnerability in Apache Tomcat 3.2.1 A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message. | 5.1 |
| 2001-08-31 | CVE-2001-1072 | Unspecified vulnerability in Apache Http Server 1.3.14/1.3.17/1.3.19 Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. | 5.0 |
| 2001-08-02 | CVE-2001-0590 | Unspecified vulnerability in Apache Tomcat Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. | 5.0 |
| 2001-02-16 | CVE-2001-0042 | Unspecified vulnerability in Apache Http Server 1.3 PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. | 5.0 |
| 2000-11-14 | CVE-2000-0869 | The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. | 5.0 |
| 2000-11-14 | CVE-2000-0868 | The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. | 5.0 |
| 2000-07-20 | CVE-2000-0672 | Unspecified vulnerability in Apache Tomcat 3.0/3.1 The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. | 5.0 |
| 1999-12-12 | CVE-1999-0289 | Unspecified vulnerability in Apache Http Server The Apache web server for Win32 may provide access to restricted files when a . | 5.0 |
| 1999-06-03 | CVE-1999-1412 | A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | 5.0 |