Apache : Security Vulnerabilities, CVEs, Published In 2005 (Denial of service) CVSS score >= 3
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
Max CVSS
5.0
EPSS Score
0.30%
Published
2005-12-31
Updated
2019-03-25
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
Max CVSS
5.0
EPSS Score
1.53%
Published
2005-11-06
Updated
2019-03-25
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
Max CVSS
5.4
EPSS Score
97.27%
Published
2005-12-31
Updated
2023-02-13
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
Max CVSS
5.0
EPSS Score
0.79%
Published
2005-10-25
Updated
2023-02-13
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
Max CVSS
5.0
EPSS Score
93.96%
Published
2005-08-30
Updated
2021-06-06
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
Max CVSS
5.0
EPSS Score
0.89%
Published
2005-08-05
Updated
2023-02-13
Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
Max CVSS
5.0
EPSS Score
29.33%
Published
2005-06-15
Updated
2023-02-13
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
Max CVSS
5.0
EPSS Score
83.18%
Published
2005-05-02
Updated
2017-07-11
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
Max CVSS
5.0
EPSS Score
0.24%
Published
2005-01-11
Updated
2017-07-11
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
Max CVSS
5.0
EPSS Score
96.51%
Published
2005-02-09
Updated
2021-06-06
10 vulnerabilities found