Apache » Http Server : Security Vulnerabilities, CVEs, Published In 2004 (Overflow) CVSS score >= 3
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
Max CVSS
7.8
EPSS Score
0.05%
Published
2004-10-20
Updated
2024-02-02
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
Max CVSS
6.4
EPSS Score
96.23%
Published
2004-08-06
Updated
2021-06-06
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
Max CVSS
10.0
EPSS Score
1.23%
Published
2004-08-06
Updated
2021-06-06
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
Max CVSS
7.5
EPSS Score
57.48%
Published
2004-07-07
Updated
2022-09-23
4 vulnerabilities found