Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache http server 2.0.49 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2004-0885
The mod_ssl module in Apache 2.0.35 up to and including 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
Apache Http Server 2.0.42Apache Http Server 2.0.47Apache Http Server 2.0.50Apache Http Server 2.0.35Apache Http Server 2.0.37Apache Http Server 2.0.44Apache Http Server 2.0.39Apache Http Server 2.0.52Apache Http Server 2.0.51Apache Http Server 2.0.41Apache Http Server 2.0.49Apache Http Server 2.0.38Apache Http Server 2.0.48Apache Http Server 2.0.45Apache Http Server 2.0.40Apache Http Server 2.0.36Apache Http Server 2.0.46Apache Http Server 2.0.43
NA
CVE-2004-1834
mod_disk_cache in Apache 2.0 up to and including 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
Apache Http Server 2.0.42Apache Http Server 2.0.47Apache Http Server 2.0.35Apache Http Server 2.0.37Apache Http Server 2.0.44Apache Http Server 2.0.39Apache Http Server 2.0.28Apache Http Server 2.0.41Apache Http Server 2.0.49Apache Http Server 2.0.9Apache Http Server 2.0.32Apache Http Server 2.0.38Apache Http Server 2.0.48Apache Http Server 2.0.45Apache Http Server 2.0.40Apache Http Server 2.0.36Apache Http Server 2.0.46Apache Http Server 2.0.43Apache Http Server 2.0
NA
CVE-2005-2728
The byte-range filter in Apache 2.0 prior to 2.0.54 allows remote malicious users to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
Apache Http Server 2.0.42Apache Http Server 2.0.47Apache Http Server 2.0.50Apache Http Server 2.0.35Apache Http Server 2.0.37Apache Http Server 2.0.44Apache Http Server 2.0.39Apache Http Server 2.0.52Apache Http Server 2.0.53Apache Http Server 2.0.51Apache Http Server 2.0.28Apache Http Server 2.0.41Apache Http Server 2.0.49Apache Http Server 2.0.9Apache Http Server 2.0.32Apache Http Server 2.0.38Apache Http Server 2.0.48Apache Http Server 2.0.45Apache Http Server 2.0.40Apache Http Server 2.0.36Apache Http Server 2.0.46Apache Http Server 2.0.43
NA
CVE-2005-3357
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote malicious users to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer derefere...
Apache Http Server 2.0.42Apache Http Server 2.0.47Apache Http Server 2.0.50Apache Http Server 2.0.35Apache Http Server 2.0.37Apache Http Server 2.0.55Apache Http Server 2.0.44Apache Http Server 2.0.39Apache Http Server 2.0.52Apache Http Server 2.0.53Apache Http Server 2.0.51Apache Http Server 2.0.28Apache Http Server 2.0.41Apache Http Server 2.0.49Apache Http Server 2.0.9Apache Http Server 2.0.32Apache Http Server 2.0.38Apache Http Server 2.0.48Apache Http Server 2.0.45Apache Http Server 2.0.40Apache Http Server 2.0.36Apache Http Server 2.0.46
NA
CVE-2007-6203
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components...
Apache Http Server 2.0.51Apache Http Server 2.0.52Apache Http Server 2.1.2Apache Http Server 2.1.3Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.0.46Apache Http Server 2.0.53Apache Http Server 2.0.54Apache Http Server 2.0.55Apache Http Server 2.1.4Apache Http Server 2.1.5Apache Http Server 2.2.4Apache Http Server 2.0.47Apache Http Server 2.0.48Apache Http Server 2.0.57Apache Http Server 2.0.58Apache Http Server 2.1.6Apache Http Server 2.1.7Apache Http Server 2.0.49Apache Http Server 2.0.50Apache Http Server 2.0.59
NA
CVE-2006-4154
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent malicious users to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
Apache Http Server 2.0.28Apache Http Server 2.0.32Apache Http Server 2.0.39Apache Http Server 2.0.40Apache Http Server 2.0.48Apache Http Server 2.0.49Apache Http Server 2.0.56Apache Http Server 2.0.57Apache Http Server 2.1.3Apache Http Server 2.1.4Apache Http Server 2.1.5Apache Http Server 2.0.37Apache Http Server 2.0.38Apache Http Server 2.0.46Apache Http Server 2.0.47Apache Http Server 2.0.54Apache Http Server 2.0.55Apache Http Server 2.1.1Apache Http Server 2.1.2Apache Http Server 2.2.3Apache Http Server 2.0Apache Http Server 2.0.35
NA
CVE-2008-2168
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and previous versions allows remote malicious users to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
Apache Http Server 2.0.28Apache Http Server 2.0Apache Http Server 2.0.37Apache Http Server 2.0.32Apache Http Server 2.0.39Apache Http Server 2.0.40Apache Http Server 2.0.41Apache Http Server 2.0.48Apache Http Server 2.0.49Apache Http Server 2.0.56Apache Http Server 2.0.57Apache Http Server 2.1.2Apache Http Server 2.1.3Apache Http Server 2.2.1Apache Http Server 2.2.2Apache Http Server 2.0.34Apache Http Server 2.0.42Apache Http Server 2.0.43Apache Http Server 2.0.50Apache Http Server 2.0.51Apache Http Server 2.0.58Apache Http Server 2.0.59
NA
CVE-2011-4415
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x up to and including 2.0.64 and 2.2.x up to and including 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a de...
Apache Http Server 2.0.55Apache Http Server 2.0.54Apache Http Server 2.0.46Apache Http Server 2.0.49Apache Http Server 2.0.63Apache Http Server 2.0.9Apache Http Server 2.0.35Apache Http Server 2.0.34Apache Http Server 2.0.37Apache Http Server 2.0.57Apache Http Server 2.0.56Apache Http Server 2.0.51Apache Http Server 2.0.48Apache Http Server 2.0.43Apache Http Server 2.0.60Apache Http Server 2.0Apache Http Server 2.0.36Apache Http Server 2.0.39Apache Http Server 2.0.50Apache Http Server 2.0.53Apache Http Server 2.0.42Apache Http Server 2.0.45
NA
CVE-2011-3607
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x up to and including 2.0.64 and 2.2.x up to and including 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvI...
Apache Http Server 2.0.42Apache Http Server 2.0.64Apache Http Server 2.0.58Apache Http Server 2.0.47Apache Http Server 2.0.56Apache Http Server 2.0.50Apache Http Server 2.0.35Apache Http Server 2.0.37Apache Http Server 2.0.55Apache Http Server 2.0.44Apache Http Server 2.0.39Apache Http Server 2.0.52Apache Http Server 2.0.53Apache Http Server 2.0.57Apache Http Server 2.0.51Apache Http Server 2.0.28Apache Http Server 2.0.63Apache Http Server 2.0.41Apache Http Server 2.0.49Apache Http Server 2.0.9Apache Http Server 2.0.34Apache Http Server 2.0.61
NA
CVE-2004-0113
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 prior to 2.0.49 allows remote malicious users to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
Apache Http Server 2.0.42Apache Http Server 2.0.47Apache Http Server 2.0.35Apache Http Server 2.0.37Apache Http Server 2.0.44Apache Http Server 2.0.39Apache Http Server 2.0.41Apache Http Server 2.0.38Apache Http Server 2.0.48Apache Http Server 2.0.45Apache Http Server 2.0.40Apache Http Server 2.0.36Apache Http Server 2.0.46Apache Http Server 2.0.43
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-1183hard-codedCVE-2024-28254CVE-2023-43790buffer overflowbypassCVE-2024-32633CVE-2024-1874CVE-2024-23558
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook