Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache http server 1.3.9 vulnerabilities and exploits

(subscribe to this query)

5
CVSSv2
CVE-2000-1204
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root....
Apache Http Server 1.3.9Apache Http Server 1.3.11Apache Http Server 1.3.12
5
CVSSv2
CVE-2000-1206
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files....
Apache Http Server 1.3.9Apache Http Server 1.3.10
5
CVSSv2
CVE-2000-0505
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters....
Apache Http Server 1.3.6Apache Http Server 1.3.9Apache Http Server 1.3.11Apache Http Server 1.3.12Ibm Http Server 1.3.3Ibm Http Server 1.3.6.2
4.3
CVSSv2
CVE-2000-1205
Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a...
Apache Http Server 1.3.0Apache Http Server 1.3.1Apache Http Server 1.3.2Apache Http Server 1.3.3Apache Http Server 1.3.4Apache Http Server 1.3.5Apache Http Server 1.3.6Apache Http Server 1.3.7Apache Http Server 1.3.8Apache Http Server 1.3.9Apache Http Server 1.3.10Apache Http Server 1.3.11
5
CVSSv2
CVE-2002-2103
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities....
Apache Http Server 1.3.9Apache Http Server 1.3.11Apache Http Server 1.3.12Apache Http Server 1.3.13Apache Http Server 1.3.14Apache Http Server 1.3.15Apache Http Server 1.3.16Apache Http Server 1.3.17Apache Http Server 1.3.18Apache Http Server 1.3.19Apache Http Server 1.3.20Apache Http Server 1.3.22Apache Http Server 1.3.23
4.6
CVSSv2
CVE-2002-1658
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of...
Apache Http Server 1.3.1Apache Http Server 1.3.3Apache Http Server 1.3.4Apache Http Server 1.3.6Apache Http Server 1.3.9Apache Http Server 1.3.11Apache Http Server 1.3.12Apache Http Server 1.3.14Apache Http Server 1.3.17Apache Http Server 1.3.18Apache Http Server 1.3.19Apache Http Server 1.3.20Apache Http Server 1.3.22Apache Http Server 1.3.23Apache Http Server 1.3.24Apache Http Server 1.3.25Apache Http Server 1.3.26Apache Http Server 1.3.27
7.5
CVSSv2
CVE-2003-0993
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions....
Apache Http Server 1.3Apache Http Server 1.3.1Apache Http Server 1.3.3Apache Http Server 1.3.4Apache Http Server 1.3.6Apache Http Server 1.3.7Apache Http Server 1.3.9Apache Http Server 1.3.11Apache Http Server 1.3.12Apache Http Server 1.3.14Apache Http Server 1.3.17Apache Http Server 1.3.18Apache Http Server 1.3.19Apache Http Server 1.3.20Apache Http Server 1.3.22Apache Http Server 1.3.23Apache Http Server 1.3.24Apache Http Server 1.3.25Apache Http Server 1.3.26Apache Http Server 1.3.27Apache Http Server 1.3.28Apache Http Server 1.3.29
7.5
CVSSv2
CVE-2002-0392
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size....
Apache Http Server 1.0Apache Http Server 1.0.2Apache Http Server 1.0.3Apache Http Server 1.0.5Apache Http Server 1.1Apache Http Server 1.1.1Apache Http Server 1.2Apache Http Server 1.2.5Apache Http Server 1.3Apache Http Server 1.3.1Apache Http Server 1.3.3Apache Http Server 1.3.4Apache Http Server 1.3.9Apache Http Server 1.3.11Apache Http Server 1.3.12Apache Http Server 1.3.13Apache Http Server 1.3.14Apache Http Server 1.3.15Apache Http Server 1.3.16Apache Http Server 1.3.17Apache Http Server 1.3.18Apache Http Server 1.3.19Apache Http Server 1.3.20Apache Http Server 1.3.22Apache Http Server 1.3.23Apache Http Server 1.3.24Apache Http Server 2.0Apache Http Server 2.0.28Apache Http Server 2.0.32Apache Http Server 2.0.35Apache Http Server 2.0.36
5
CVSSv2
CVE-2004-0263
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information....
Apache Http Server 1.0Apache Http Server 1.0.2Apache Http Server 1.0.3Apache Http Server 1.0.5Apache Http Server 1.1Apache Http Server 1.1.1Apache Http Server 1.2Apache Http Server 1.2.5Apache Http Server 1.3Apache Http Server 1.3.1Apache Http Server 1.3.3Apache Http Server 1.3.4Apache Http Server 1.3.6Apache Http Server 1.3.7Apache Http Server 1.3.9Apache Http Server 1.3.11Apache Http Server 1.3.12Apache Http Server 1.3.14Apache Http Server 1.3.17Apache Http Server 1.3.18Apache Http Server 1.3.19Apache Http Server 1.3.20Apache Http Server 1.3.22Apache Http Server 1.3.23Apache Http Server 1.3.24Apache Http Server 1.3.25Apache Http Server 1.3.26Apache Http Server 1.3.27Apache Http Server 1.3.28Apache Http Server 1.3.29Apache Http Server 2.0Apache Http Server 2.0.9Apache Http Server 2.0.28Apache Http Server 2.0.32Apache Http Server 2.0.35Apache Http Server 2.0.36Apache Http Server 2.0.37Apache Http Server 2.0.38Apache Http Server 2.0.39Apache Http Server 2.0.40Apache Http Server 2.0.41Apache Http Server 2.0.42Apache Http Server 2.0.43Apache Http Server 2.0.44Apache Http Server 2.0.45Apache Http Server 2.0.46Apache Http Server 2.0.47Apache Http Server 2.0.48Ibm Http Server 1.3.19
7.6
CVSSv2
CVE-2006-3747
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly...
Apache Http Server 1.3.3Apache Http Server 1.3.4Apache Http Server 1.3.5Apache Http Server 1.3.6Apache Http Server 1.3.7Apache Http Server 1.3.8Apache Http Server 1.3.9Apache Http Server 1.3.28Apache Http Server 1.3.29Apache Http Server 1.3.30Apache Http Server 1.3.31Apache Http Server 1.3.32Apache Http Server 1.3.33Apache Http Server 2.0.46Apache Http Server 2.0.47Apache Http Server 2.0.48Apache Http Server 2.0.49Apache Http Server 2.0.50Apache Http Server 2.0.51Apache Http Server 2.0.52Apache Http Server 2.0.53Apache Http Server 2.0.54Apache Http Server 2.0.55Apache Http Server 2.0.56Apache Http Server 2.0.57Apache Http Server 2.0.58Ubuntu Ubuntu Linux 5.04Ubuntu Ubuntu Linux 5.10Ubuntu Ubuntu Linux 6.06 Lts
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
arbitrary codeCVE-2020-36079microfocusCVE-2021-26561CVE-2021-21972NULL pointer dereferenceCVE-2021-25281deserializationsolutions business managerCVE-2020-28243CVE-2020-27618