Apache » Http Server : Security Vulnerabilities, CVEs, Published In 2003 (Denial of service) CVSS score >= 4
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
Max CVSS
7.2
EPSS Score
0.10%
Published
2003-11-03
Updated
2021-06-06
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
Max CVSS
5.0
EPSS Score
5.80%
Published
2003-08-27
Updated
2021-06-06
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
Max CVSS
5.0
EPSS Score
0.23%
Published
2003-08-18
Updated
2021-06-06
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
Max CVSS
5.0
EPSS Score
0.28%
Published
2003-08-18
Updated
2021-06-06
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
Max CVSS
5.0
EPSS Score
96.63%
Published
2003-06-09
Updated
2021-06-06
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
Max CVSS
5.0
EPSS Score
0.70%
Published
2003-06-09
Updated
2021-06-06
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
Max CVSS
5.0
EPSS Score
0.89%
Published
2003-04-11
Updated
2021-06-06
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
Max CVSS
5.0
EPSS Score
91.80%
Published
2003-04-11
Updated
2021-07-15
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
Max CVSS
7.5
EPSS Score
5.86%
Published
2003-02-07
Updated
2021-06-06
9 vulnerabilities found