Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache http server 2.0.52 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2005-1344
Buffer overflow in htdigest in Apache 2.0.52 may allow malicious users to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privile...
Apache Http Server 2.0.52
7.5
CVSSv2
CVE-2004-0885
The mod_ssl module in Apache 2.0.35 up to and including 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
Apache Http Server 2.0.42Apache Http Server 2.0.47Apache Http Server 2.0.50Apache Http Server 2.0.35Apache Http Server 2.0.37Apache Http Server 2.0.44Apache Http Server 2.0.39Apache Http Server 2.0.52Apache Http Server 2.0.51Apache Http Server 2.0.41Apache Http Server 2.0.49Apache Http Server 2.0.38Apache Http Server 2.0.48Apache Http Server 2.0.45Apache Http Server 2.0.40Apache Http Server 2.0.36Apache Http Server 2.0.46Apache Http Server 2.0.43
5
CVSSv2
CVE-2005-2728
The byte-range filter in Apache 2.0 prior to 2.0.54 allows remote malicious users to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
Apache Http Server 2.0.42Apache Http Server 2.0.47Apache Http Server 2.0.50Apache Http Server 2.0.35Apache Http Server 2.0.37Apache Http Server 2.0.44Apache Http Server 2.0.39Apache Http Server 2.0.52Apache Http Server 2.0.53Apache Http Server 2.0.51Apache Http Server 2.0.28Apache Http Server 2.0.41Apache Http Server 2.0.49Apache Http Server 2.0.9Apache Http Server 2.0.32Apache Http Server 2.0.38Apache Http Server 2.0.48Apache Http Server 2.0.45Apache Http Server 2.0.40Apache Http Server 2.0.36Apache Http Server 2.0.46Apache Http Server 2.0.43
4.3
CVSSv2
CVE-2007-6203
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components...
Apache Http Server 2.0.51Apache Http Server 2.0.52Apache Http Server 2.1.2Apache Http Server 2.1.3Apache Http Server 2.2.2Apache Http Server 2.2.3Apache Http Server 2.0.46Apache Http Server 2.0.53Apache Http Server 2.0.54Apache Http Server 2.0.55Apache Http Server 2.1.4Apache Http Server 2.1.5Apache Http Server 2.2.4Apache Http Server 2.0.47Apache Http Server 2.0.48Apache Http Server 2.0.57Apache Http Server 2.0.58Apache Http Server 2.1.6Apache Http Server 2.1.7Apache Http Server 2.0.49Apache Http Server 2.0.50Apache Http Server 2.0.59
5.4
CVSSv2
CVE-2005-3357
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote malicious users to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer derefere...
Apache Http Server 2.0.42Apache Http Server 2.0.47Apache Http Server 2.0.50Apache Http Server 2.0.35Apache Http Server 2.0.37Apache Http Server 2.0.55Apache Http Server 2.0.44Apache Http Server 2.0.39Apache Http Server 2.0.52Apache Http Server 2.0.53Apache Http Server 2.0.51Apache Http Server 2.0.28Apache Http Server 2.0.41Apache Http Server 2.0.49Apache Http Server 2.0.9Apache Http Server 2.0.32Apache Http Server 2.0.38Apache Http Server 2.0.48Apache Http Server 2.0.45Apache Http Server 2.0.40Apache Http Server 2.0.36Apache Http Server 2.0.46
6.8
CVSSv2
CVE-2006-4154
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent malicious users to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
Apache Http Server 2.0.28Apache Http Server 2.0.32Apache Http Server 2.0.39Apache Http Server 2.0.40Apache Http Server 2.0.48Apache Http Server 2.0.49Apache Http Server 2.0.56Apache Http Server 2.0.57Apache Http Server 2.1.3Apache Http Server 2.1.4Apache Http Server 2.1.5Apache Http Server 2.0.37Apache Http Server 2.0.38Apache Http Server 2.0.46Apache Http Server 2.0.47Apache Http Server 2.0.54Apache Http Server 2.0.55Apache Http Server 2.1.1Apache Http Server 2.1.2Apache Http Server 2.2.3Apache Http Server 2.0Apache Http Server 2.0.35
4.3
CVSSv2
CVE-2008-2168
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and previous versions allows remote malicious users to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
Apache Http Server 2.0.28Apache Http Server 2.0Apache Http Server 2.0.37Apache Http Server 2.0.32Apache Http Server 2.0.39Apache Http Server 2.0.40Apache Http Server 2.0.41Apache Http Server 2.0.48Apache Http Server 2.0.49Apache Http Server 2.0.56Apache Http Server 2.0.57Apache Http Server 2.1.2Apache Http Server 2.1.3Apache Http Server 2.2.1Apache Http Server 2.2.2Apache Http Server 2.0.34Apache Http Server 2.0.42Apache Http Server 2.0.43Apache Http Server 2.0.50Apache Http Server 2.0.51Apache Http Server 2.0.58Apache Http Server 2.0.59
4.4
CVSSv2
CVE-2011-3607
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x up to and including 2.0.64 and 2.2.x up to and including 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvI...
Apache Http Server 2.0.42Apache Http Server 2.0.64Apache Http Server 2.0.58Apache Http Server 2.0.47Apache Http Server 2.0.56Apache Http Server 2.0.50Apache Http Server 2.0.35Apache Http Server 2.0.37Apache Http Server 2.0.55Apache Http Server 2.0.44Apache Http Server 2.0.39Apache Http Server 2.0.52Apache Http Server 2.0.53Apache Http Server 2.0.57Apache Http Server 2.0.51Apache Http Server 2.0.28Apache Http Server 2.0.63Apache Http Server 2.0.41Apache Http Server 2.0.49Apache Http Server 2.0.9Apache Http Server 2.0.34Apache Http Server 2.0.61
1.2
CVSSv2
CVE-2011-4415
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x up to and including 2.0.64 and 2.2.x up to and including 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a de...
Apache Http Server 2.0.55Apache Http Server 2.0.54Apache Http Server 2.0.46Apache Http Server 2.0.49Apache Http Server 2.0.63Apache Http Server 2.0.9Apache Http Server 2.0.35Apache Http Server 2.0.34Apache Http Server 2.0.37Apache Http Server 2.0.57Apache Http Server 2.0.56Apache Http Server 2.0.51Apache Http Server 2.0.48Apache Http Server 2.0.43Apache Http Server 2.0.60Apache Http Server 2.0Apache Http Server 2.0.36Apache Http Server 2.0.39Apache Http Server 2.0.50Apache Http Server 2.0.53Apache Http Server 2.0.42Apache Http Server 2.0.45
4.3
CVSSv2
CVE-2011-3639
The mod_proxy module in the Apache HTTP Server 2.0.x up to and including 2.0.64 and 2.2.x prior to 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse pro...
Apache Http Server 2.0.42Apache Http Server 2.0.58Apache Http Server 2.2.11Apache Http Server 2.2.0Apache Http Server 2.2.10Apache Http Server 2.2.13Apache Http Server 2.0.47Apache Http Server 2.0.56Apache Http Server 2.0.50Apache Http Server 2.0.27Apache Http Server 2.2.2Apache Http Server 2.0.12Apache Http Server 2.0.20Apache Http Server2.0a9Apache Http Server 2.2.4Apache Http Server 2.0.35Apache Http Server 2.0.37Apache Http Server 2.0.55Apache Http Server 2.2.17Apache Http Server 2.0.44Apache Http Server 2.2.16Apache Http Server 2.0.39
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook