Filtered by vendor Apache
Total: 2398 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2000-0672 | 1 Apache | 1 Tomcat | 2024-11-20 | N/A | The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. |
CVE-2000-0505 | 2 Apache, Ibm | 2 Http Server, Http Server | 2024-11-20 | N/A | The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. |
CVE-1999-1412 | 2 Apache, Apple | 2 Http Server, Macos | 2024-11-20 | N/A | A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. |
CVE-1999-1293 | 1 Apache | 1 Http Server | 2024-11-20 | N/A | mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core. |
CVE-1999-1237 | 1 Apache | 1 Http Server | 2024-11-20 | N/A | Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods. |
CVE-1999-1199 | 1 Apache | 1 Http Server | 2024-11-20 | N/A | Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. |
CVE-1999-1053 | 2 Apache, Matt Wright | 2 Http Server, Matt Wright Guestbook | 2024-11-20 | N/A | guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". |
CVE-1999-0926 | 1 Apache | 1 Http Server | 2024-11-20 | N/A | Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. |
CVE-1999-0678 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-11-20 | N/A | A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. |
CVE-1999-0289 | 2 Apache, Microsoft | 2 Http Server, Windows | 2024-11-20 | N/A | The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. |
CVE-1999-0236 | 2 Apache, Illinois | 2 Http Server, Ncsa Httpd | 2024-11-20 | 7.5 High | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. |
CVE-1999-0107 | 1 Apache | 1 Http Server | 2024-11-20 | N/A | Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. |
CVE-1999-0071 | 1 Apache | 1 Http Server | 2024-11-20 | N/A | Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. |
CVE-1999-0070 | 1 Apache | 1 Http Server | 2024-11-20 | N/A | test-cgi program allows an attacker to list files on the server. |
CVE-1999-0067 | 2 Apache, Ncsa | 2 Http Server, Ncsa Httpd | 2024-11-20 | N/A | phf CGI program allows remote command execution through shell metacharacters. |
CVE-1999-0045 | 2 Apache, Netscape | 4 Http Server, Commerce Server, Communications Server and 1 more | 2024-11-20 | N/A | List of arbitrary files on Web host via nph-test-cgi script. |
CVE-2024-42361 | 1 Apache | 1 Hertzbeat | 2024-09-03 | 7.5 High | Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection. |
CVE-2024-42362 | 2 Apache, Dromara | 2 Hertzbeat, Hertzbeat | 2024-08-28 | 8.8 High | Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0. |