|
Apache httpd 1.3 vulnerabilities
|
This page lists all security vulnerabilities fixed in released
versions of Apache httpd 1.3. Each vulnerability is given a security
impact rating by the Apache security team - please note that this
rating may well vary from platform to platform. We also list the
versions of Apache httpd the flaw is known to affect, and where a flaw
has not been verified list the version with a question mark.
This page is created from a database of vulnerabilities originally
populated by Apache Week. Please send comments or corrections for
these vulnerabilities to the Security Team.
|
Fixed in Apache httpd 1.3.41
|
-
moderate:
mod_status XSS
CVE-2007-6388
A flaw was found in the mod_status module. On sites where mod_status is
enabled and the status pages are publicly accessible, a cross-site
scripting attack is possible.
Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.
-
Update Released: 19th January 2008
-
Affects:
1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2
-
moderate:
mod_imap XSS
CVE-2007-5000
A flaw was found in the mod_imap module. On sites where
mod_imap is enabled and an imagemap file is publicly available, a
cross-site scripting attack is possible.
-
Update Released: 19th January 2008
-
Affects:
1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
|
Fixed in Apache httpd 1.3.39
|
-
moderate:
mod_status cross-site scripting
CVE-2006-5752
A flaw was found in the mod_status module. On sites where the
server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack.
Note that the server-status
page is not enabled by default and it is best practice to not make
this publicly available.
-
Update Released: 7th September 2007
-
Affects:
1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2
-
moderate:
Signals to arbitrary processes
CVE-2007-3304
The Apache HTTP server did not verify that a process
was an Apache child process before sending it signals. A local
attacker with the ability to run scripts on the HTTP server could
manipulate the scoreboard and cause arbitrary processes to be
terminated, which could lead to a denial of service.
-
Update Released: 7th September 2007
-
Affects:
1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
|
Fixed in Apache httpd 1.3.37
|
-
important:
mod_rewrite off-by-one error
CVE-2006-3747
An off-by-one flaw exists in the Rewrite module, mod_rewrite.
Depending on the manner in which Apache httpd was compiled, this
software defect may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration
files, could be triggered remotely. For vulnerable builds, the nature
of the vulnerability can be denial of service (crashing of web server
processes) or potentially allow arbitrary code execution.
-
Update Released: 27th July 2006
-
Affects:
1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28
|
Fixed in Apache httpd 1.3.35
|
-
moderate:
Expect header Cross-Site Scripting
CVE-2006-3918
A flaw in the handling of invalid Expect headers. If an attacker can
influence the Expect header that a victim sends to a target site they
could perform a cross-site scripting attack. It is known that
some versions of Flash can set an arbitrary Expect header which can
trigger this flaw. Not marked as a security issue for 2.0 or
2.2 as the cross-site scripting is only returned to the victim after
the server times out a connection.
-
Update Released: 1st May 2006
-
Affects:
1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3
-
moderate:
mod_imap Referer Cross-Site Scripting
CVE-2005-3352
A flaw in mod_imap when using the Referer directive with image maps.
In certain site configurations a remote attacker could perform a cross-site
scripting attack if a victim can be forced to visit a malicious
URL using certain web browsers.
-
Update Released: 1st May 2006
-
Affects:
1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
|
Fixed in Apache httpd 1.3.33
|
-
moderate:
mod_include overflow
CVE-2004-0940
A buffer overflow in mod_include could allow a local user who
is authorised to create server side include (SSI) files to gain
the privileges of an httpd child.
-
Update Released: 28th October 2004
-
Affects:
1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
|
Fixed in Apache httpd 1.3.32
|
-
moderate:
mod_proxy buffer overflow
CVE-2004-0492
A buffer overflow was found in the Apache proxy module, mod_proxy, which
can be triggered by receiving an invalid Content-Length header. In order
to exploit this issue an attacker would need to get an Apache installation
that was configured as a proxy to connect to a malicious site. This would
cause the Apache child processing the request to crash, although this does
not represent a significant Denial of Service attack as requests will
continue to be handled by other Apache child processes. This issue may
lead to remote arbitrary code execution on some BSD platforms.
-
Update Released: 20th October 2004
-
Affects:
1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26
|
Fixed in Apache httpd 1.3.31
|
-
important:
listening socket starvation
CVE-2004-0174
A starvation issue on listening sockets occurs when a short-lived
connection on a rarely-accessed listening socket causes a child to
hold the accept mutex and block out new connections until another
connection arrives on that rarely-accessed listening socket. This
issue is known to affect some versions of AIX, Solaris, and Tru64; it
is known to not affect FreeBSD or Linux.
-
Update Released: 12th May 2004
-
Affects:
1.3.29, 1.3.28?, 1.3.27?, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
-
important:
Allow/Deny parsing on big-endian 64-bit platforms
CVE-2003-0993
A bug in the parsing of Allow/Deny rules using IP addresses
without a netmask on big-endian 64-bit platforms causes the rules
to fail to match.
-
Update Released: 12th May 2004
-
Affects:
1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
low:
Error log escape filtering
CVE-2003-0020
Apache does not filter terminal escape sequences from error logs,
which could make it easier for attackers to insert those sequences
into terminal emulators containing vulnerabilities related to escape
sequences.
-
Update Released: 12th May 2004
-
Affects:
1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
low:
mod_digest nonce checking
CVE-2003-0987
mod_digest does not properly verify the nonce of a client response by
using an AuthNonce secret. This could allow a malicious user who is
able to sniff network traffic to conduct a replay attack against a
website using Digest protection. Note that mod_digest implements an
older version of the MD5 Digest Authentication specification which
is known not to work with modern browsers. This issue does not affect
mod_auth_digest.
-
Update Released: 12th May 2004
-
Affects:
1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
|
Fixed in Apache httpd 1.3.29
|
-
low:
Local configuration regular expression overflow
CVE-2003-0542
By using a regular expression with more than 9 captures, a buffer
overflow can occur in mod_alias or mod_rewrite. To exploit this, an
attacker would need to be able to create a carefully crafted configuration
file (.htaccess or httpd.conf).
-
Update Released: 27th October 2003
-
Affects:
1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
|
Fixed in Apache httpd 1.3.28
|
-
important:
RotateLogs DoS
CVE-2003-0460
The rotatelogs support program on Win32 and OS/2 would quit logging
and exit if it received special control characters such as 0x1A.
-
Update Released: 18th July 2003
-
Affects:
1.3.27, 1.3.26?, 1.3.24?, 1.3.22?, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
|
Fixed in Apache httpd 1.3.27
|
-
important:
Buffer overflows in ab utility
CVE-2002-0843
Buffer overflows in the benchmarking utility ab could be exploited if
ab is run against a malicious server.
-
Update Released: 3rd October 2002
-
Affects:
1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
important:
Shared memory permissions lead to local privilege escalation
CVE-2002-0839
The permissions of the shared memory used for the scoreboard
allow an attacker who can execute under
the Apache UID to send a signal to any process as root or cause a local
denial of service attack.
-
Update Released: 3rd October 2002
-
Affects:
1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
low:
Error page XSS using wildcard DNS
CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of
Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
UseCanonicalName is "Off" and support for wildcard DNS is present,
allows remote attackers to execute script as other web page visitors
via the Host: header.
-
Update Released: 3rd October 2002
-
Affects:
1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
|
Fixed in Apache httpd 1.3.26
|
-
critical:
Apache Chunked encoding vulnerability
CVE-2002-0392
Requests to all versions of Apache 1.3 can cause various effects
ranging from a relatively harmless increase in
system resources through to denial of service attacks and in some
cases the ability to be remotely exploited.
-
Update Released: 18th June 2002
-
Affects:
1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
-
low:
Filtered escape sequences
CVE-2003-0083
Apache does not filter terminal escape sequences from its
access logs, which could make it easier for attackers to insert those
sequences into terminal emulators containing vulnerabilities related
to escape sequences.
-
Update Released: 18th June 2002
-
Affects:
1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
|
Fixed in Apache httpd 1.3.24
|
-
critical:
Win32 Apache Remote command execution
CVE-2002-0061
Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote
attackers to execute arbitrary commands via parameters passed
to batch file CGI scripts.
-
Update Released: 22nd March 2002
-
Affects:
1.3.22, 1.3.20?, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
|
Fixed in Apache httpd 1.3.22
|
-
important:
Requests can cause directory listing to be displayed
CVE-2001-0729
A vulnerability was found in the Win32 port of
Apache 1.3.20. A client submitting a very long URI
could cause a directory listing to be returned rather than
the default index page.
-
Update Released: 12th October 2001
-
Affects:
1.3.20
-
important:
Multiviews can cause a directory listing to be displayed
CVE-2001-0731
A vulnerability was found when Multiviews
are used to negotiate the directory index. In some
configurations, requesting a URI with a QUERY_STRING of
M=D could
return a directory listing rather than the expected index page.
-
Update Released: 12th October 2001
-
Affects:
1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
-
moderate:
split-logfile can cause arbitrary log files to be written to
CVE-2001-0730
A vulnerability was found in the split-logfile support
program. A request with a specially crafted Host:
header could allow any file with a .log extension on
the system to be written to.
-
Update Released: 12th October 2001
-
Affects:
1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
|
Fixed in Apache httpd 1.3.20
|
-
important:
Denial of service attack on Win32 and OS/2
CVE-2001-1342
A vulnerability was found in the Win32 and OS/2 ports of Apache 1.3. A
client submitting a carefully constructed URI could cause a General
Protection Fault in a child process, bringing up a message box which
would have to be cleared by the operator to resume operation. This
vulnerability introduced no identified means to compromise the server
other than introducing a possible denial of service.
-
Update Released: 22nd May 2001
-
Affects:
1.3.20, 1.3.19?, 1.3.17?, 1.3.14?, 1.3.12?, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
|
Fixed in Apache httpd 1.3.19
|
-
important:
Requests can cause directory listing to be displayed
CVE-2001-0925
The default installation can lead mod_negotiation and
mod_dir or mod_autoindex to display a
directory listing instead of the multiview index.html file if a
very long path was created artificially by using many slashes.
-
Update Released: 28th February 2001
-
Affects:
1.3.17, 1.3.14, 1.3.12, 1.3.11
|
Fixed in Apache httpd 1.3.14
|
-
important:
Rewrite rules that include references allow access to any file
CVE-2000-0913
The Rewrite module, mod_rewrite, can allow access to
any file on the web server. The vulnerability occurs only with
certain specific cases of using regular expression references in
RewriteRule directives: If the destination
of a RewriteRule contains regular expression references
then an attacker will be able to access any file on the server.
-
Update Released: 13th October 2000
-
Affects:
1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
-
important:
Mass virtual hosting can display CGI source
CVE-2000-1204
A security problem for users of the mass virtual hosting module,
mod_vhost_alias, causes
the source to a CGI to be sent if the cgi-bin directory is
under the document root. However, it is not normal to have your
cgi-bin directory under a document root.
-
Update Released: 13th October 2000
-
Affects:
1.3.12, 1.3.11, 1.3.9
-
moderate:
Requests can cause directory listing to be displayed on NT
CVE-2000-0505
A security hole on Apache for Windows allows a user to
view the listing of a
directory instead of the default HTML page by sending a carefully
constructed request.
-
Update Released: 13th October 2000
-
Affects:
1.3.12, 1.3.11?, 1.3.9?, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
|
Fixed in Apache httpd 1.3.12
|
-
important:
Cross-site scripting can reveal private session information
CVE-2000-1205
Apache was vulnerable to cross-site scripting issues.
It was shown that malicious HTML tags can be embedded in client web
requests if the server or script handling the request does not
carefully encode all information displayed to the user. Using these
vulnerabilities, attackers could, for example, obtain copies of your
private cookies used to authenticate you to other sites.
-
Update Released: 25th February 2000
-
Affects:
1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0
|
Fixed in Apache httpd 1.3.11
|
-
moderate:
Mass virtual hosting security issue
CVE-2000-1206
A security problem can occur for sites using mass name-based virtual
hosting (using the new mod_vhost_alias module) or with special
mod_rewrite rules.
-
Update Released: 21st January 2000
-
Affects:
1.3.9, 1.3.6?, 1.3.4?, 1.3.3?, 1.3.2?, 1.3.1?, 1.3.0?
|
Fixed in Apache httpd 1.3.4
|
-
important:
Denial of service attack on Win32
There have been a number of important security fixes to Apache on
Windows. The most important is that there is much better protection
against people trying to access special DOS device names (such as
"nul").
-
Update Released: 11th January 1999
-
Affects:
1.3.3, 1.3.2, 1.3.1, 1.3.0
|
Fixed in Apache httpd 1.3.2
|
-
important:
Multiple header Denial of Service vulnerability
CVE-1999-1199
A serious problem exists when a client
sends a large number of headers with the same header name. Apache uses
up memory faster than the amount of memory required to simply store
the received data itself. That is, memory use increases faster and
faster as more headers are received, rather than increasing at a
constant rate. This makes a denial of service attack based on this
method more effective than methods which cause Apache to use memory at
a constant rate, since the attacker has to send less data.
-
Update Released: 23rd September 1998
-
Affects:
1.3.1, 1.3.0
-
important:
Denial of service attacks
Apache 1.3.2 has
better protection against denial of service attacks. These are when
people make excessive requests to the server to try and prevent other
people using it. In 1.3.2 there are several new directives which can
limit the size of requests (these directives all start with the word
Limit).
-
Update Released: 23rd September 1998
-
Affects:
1.3.1, 1.3.0