apache http server 2.0 vulnerabilities and exploits

(subscribe to this query)

5

CVSSv2

The authentication module for Apache 2.0.40 up to and including 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote malicious users to cause a denial of service (failed Basic authentication with valid usernames and...

Apache Http Server 2.0.42 Apache Http Server 2.0.44 Apache Http Server 2.0.41 Apache Http Server 2.0.45 Apache Http Server 2.0.40 Apache Http Server 2.0.43

6.4

CVSSv2

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote malicious users to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large number...

Trustix Secure Linux 2.0 Avaya Converged Communications Server 2.0 Trustix Secure Linux 1.5 Gentoo Linux 1.4 Trustix Secure Linux 2.1 Apache Http Server 2.0.47 Ibm Http Server 2.0.42.1 Avaya S8300 R2.0.0 Apache Http Server 2.0.49 Ibm Http Server 2.0.42 Ibm Http Server 2.0.47.1 Apache Http Server 2.0.48 Ibm Http Server 2.0.42.2 Avaya S8700 R2.0.0 Avaya S8500 R2.0.0 Ibm Http Server 2.0.47

2 EDB exploits

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd prior to 1.3.35-dev and Apache httpd 2.0.x prior to 2.0.56-dev allows remote malicious users to inject arbitrary web script or HTML via the Referer when using image maps.

Apache Http Server 2.2 Apache Http Server

5

CVSSv2

The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote malicious users to cause a denial of service (segmentation fault).

Apache Http Server

1 EDB exploit

10

CVSSv2

Apache allows remote malicious users to conduct a denial of service via a large number of MIME headers.

Apache Http Server 1.2.5

1 EDB exploit

7.5

CVSSv2

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote malicious users to execute arbitrary code via a client certificate with a long subject DN.

Apache Http Server Debian Debian Linux 3.0 Redhat Enterprise Linux Server 2.0 Redhat Enterprise Linux Workstation 2.0

7.5

CVSSv2

Apache for Win32 prior to 1.3.24, and 2.0.x prior to 2.0.34-beta, allows remote malicious users to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, t...

Apache Http Server

1 EDB exploit

5

CVSSv2

Apache 1.3 prior to 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for malicious users to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences,...

Apache Http Server

5

CVSSv2

A memory leak in Apache 2.0 up to and including 2.0.44 allows remote malicious users to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

Apache Http Server

2 EDB exploits1 Github repository

Get Started

« PREV 1 2 3 4 5 6 7 8 9 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook