Apache : Security Vulnerabilities, CVEs, CVSS score between 5 and 7.99
List of arbitrary files on Web host via nph-test-cgi script.
Max CVSS
7.5
EPSS Score
0.44%
Published
1996-12-10
Updated
2022-08-17
test-cgi program allows an attacker to list files on the server.
Max CVSS
5.0
EPSS Score
7.97%
Published
1996-04-01
Updated
2020-10-13
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
Max CVSS
7.5
EPSS Score
0.14%
Published
1997-09-01
Updated
2022-08-17
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
Max CVSS
5.0
EPSS Score
0.37%
Published
1997-12-30
Updated
2022-08-17
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
Max CVSS
7.5
EPSS Score
0.28%
Published
1997-01-01
Updated
2022-08-17
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
Max CVSS
5.0
EPSS Score
0.19%
Published
1999-12-12
Updated
2022-08-17
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
Max CVSS
5.0
EPSS Score
2.94%
Published
1999-01-17
Updated
2020-10-13
CVE-1999-1053
Public exploit
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
Max CVSS
7.5
EPSS Score
94.36%
Published
1999-09-13
Updated
2008-09-05
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
Max CVSS
5.0
EPSS Score
0.23%
Published
1999-06-03
Updated
2021-09-22
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
Max CVSS
5.0
EPSS Score
0.39%
Published
2000-05-31
Updated
2021-06-06
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
Max CVSS
5.0
EPSS Score
0.20%
Published
2000-07-20
Updated
2022-02-22
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
Max CVSS
6.4
EPSS Score
15.90%
Published
2000-10-20
Updated
2008-09-05
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
Max CVSS
6.4
EPSS Score
6.18%
Published
2000-10-20
Updated
2008-09-05
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
Max CVSS
5.0
EPSS Score
88.95%
Published
2000-11-14
Updated
2017-10-10
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
Max CVSS
5.0
EPSS Score
1.47%
Published
2000-11-14
Updated
2017-10-10
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
Max CVSS
5.0
EPSS Score
0.52%
Published
2000-12-19
Updated
2021-06-06
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
Max CVSS
5.0
EPSS Score
0.39%
Published
2000-10-13
Updated
2021-06-06
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
Max CVSS
5.0
EPSS Score
0.71%
Published
1999-08-20
Updated
2021-06-06
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
Max CVSS
5.0
EPSS Score
1.08%
Published
2002-03-22
Updated
2016-10-18
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
Max CVSS
5.0
EPSS Score
3.52%
Published
2001-02-16
Updated
2017-10-10
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
Max CVSS
5.0
EPSS Score
3.88%
Published
2001-08-02
Updated
2017-10-10
Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
Max CVSS
5.0
EPSS Score
0.93%
Published
2001-10-30
Updated
2021-06-06
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
Max CVSS
5.0
EPSS Score
0.31%
Published
2001-10-30
Updated
2021-06-06
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
Max CVSS
5.0
EPSS Score
96.52%
Published
2001-10-01
Updated
2021-06-06
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
Max CVSS
5.1
EPSS Score
0.09%
Published
2001-12-06
Updated
2008-09-10