Apache : Security Vulnerabilities, CVEs, Published In 2005 CVSS score >= 6
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
Max CVSS
7.8
EPSS Score
0.11%
Published
2005-12-31
Updated
2019-03-25
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
Max CVSS
10.0
EPSS Score
0.21%
Published
2005-09-06
Updated
2023-02-13
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
Max CVSS
7.5
EPSS Score
0.40%
Published
2005-05-02
Updated
2008-09-10
The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.
Max CVSS
7.5
EPSS Score
0.32%
Published
2005-05-02
Updated
2018-10-19
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
Max CVSS
7.8
EPSS Score
0.12%
Published
2005-02-09
Updated
2024-02-02
5 vulnerabilities found