Essentials
Download!
Documentation
Get Involved
Subprojects
Miscellaneous
|
Apache httpd 2.0 vulnerabilities
|
This page lists all security vulnerabilities fixed in released
versions of Apache httpd 2.0. Each
vulnerability is given a security impact rating by the Apache
security team - please note that this rating may well vary from
platform to platform. We also list the versions of Apache httpd the
flaw is known to affect, and where a flaw has not been verified list
the version with a question mark.
This page is created from a database of vulnerabilities originally
populated by Apache Week. Please send comments or corrections for
these vulnerabilities to the Security
Team.
|
Fixed in Apache httpd 2.0.64-dev
|
-
low:
mod_proxy_ftp globbing XSS
CVE-2008-2939
A flaw was found in the handling of wildcards in the path of a FTP
URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support
FTP-over-HTTP, requests containing globbing characters could lead
to cross-site scripting (XSS) attacks.
-
Affects:
2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.63
|
-
low:
mod_proxy_ftp UTF-7 XSS
CVE-2008-0005
A workaround was added in the mod_proxy_ftp module. On sites where
mod_proxy_ftp is enabled and a forward proxy is configured, a
cross-site scripting attack is possible against Web browsers which do
not correctly derive the response character set following the rules in
RFC 2616.
-
Update Released: 19th January 2008
-
Affects:
2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
moderate:
mod_status XSS
CVE-2007-6388
A flaw was found in the mod_status module. On sites where mod_status is
enabled and the status pages were publicly accessible, a cross-site
scripting attack is possible.
Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.
-
Update Released: 19th January 2008
-
Affects:
2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
moderate:
mod_imap XSS
CVE-2007-5000
A flaw was found in the mod_imap module. On sites where
mod_imap is enabled and an imagemap file is publicly available, a
cross-site scripting attack is possible.
-
Update Released: 19th January 2008
-
Affects:
2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.61
|
-
moderate:
mod_proxy crash
CVE-2007-3847
A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
a reverse proxy is configured, a remote attacker could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. On sites where a forward proxy is configured, an attacker
could cause a similar crash if a user could be persuaded to visit a
malicious site using the proxy. This could lead to a denial of service if
using a threaded Multi-Processing Module.
-
Update Released: 7th September 2007
-
Affects:
2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
moderate:
mod_status cross-site scripting
CVE-2006-5752
A flaw was found in the mod_status module. On sites where the
server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack.
Note that the server-status
page is not enabled by default and it is best practice to not make
this publicly available.
-
Update Released: 7th September 2007
-
Affects:
2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
moderate:
Signals to arbitrary processes
CVE-2007-3304
The Apache HTTP server did not verify that a process
was an Apache child process before sending it signals. A local
attacker with the ability to run scripts on the HTTP server could
manipulate the scoreboard and cause arbitrary processes to be
terminated which could lead to a denial of service.
-
Update Released: 7th September 2007
-
Affects:
2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
moderate:
mod_cache proxy DoS
CVE-2007-1863
A bug was found in the mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module.
-
Update Released: 7th September 2007
-
Affects:
2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37
|
Fixed in Apache httpd 2.0.59
|
-
important:
mod_rewrite off-by-one error
CVE-2006-3747
An off-by-one flaw exists in the Rewrite module, mod_rewrite.
Depending on the manner in which Apache httpd was compiled, this
software defect may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration
files, could be triggered remotely. For vulnerable builds, the nature
of the vulnerability can be denial of service (crashing of web server
processes) or potentially allow arbitrary code execution.
-
Update Released: 27th July 2006
-
Affects:
2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46
|
Fixed in Apache httpd 2.0.58
|
-
low:
mod_ssl access control DoS
CVE-2005-3357
A NULL pointer dereference flaw in mod_ssl was discovered affecting server
configurations where an SSL virtual host is configured with access control
and a custom 400 error document. A remote attacker could send a carefully
crafted request to trigger this issue which would lead to a crash. This
crash would only be a denial of service if using the worker MPM.
-
Update Released: 1st May 2006
-
Affects:
2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
moderate:
mod_imap Referer Cross-Site Scripting
CVE-2005-3352
A flaw in mod_imap when using the Referer directive with image maps.
In certain site configurations a remote attacker could perform a cross-site
scripting attack if a victim can be forced to visit a malicious
URL using certain web browsers.
-
Update Released: 1st May 2006
-
Affects:
2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.55
|
-
important:
SSLVerifyClient bypass
CVE-2005-2700
A flaw in the mod_ssl handling of the "SSLVerifyClient"
directive. This flaw would occur if a virtual host has been configured
using "SSLVerifyClient optional" and further a directive "SSLVerifyClient
required" is set for a specific location. For servers configured in this
fashion, an attacker may be able to access resources that should otherwise
be protected, by not supplying a client certificate when connecting.
-
Update Released: 14th October 2005
-
Affects:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
low:
Worker MPM memory leak
CVE-2005-2970
A memory leak in the worker MPM would allow remote attackers to cause
a denial of service (memory consumption) via aborted connections,
which prevents the memory for the transaction pool from being reused
for other connections. This issue was downgraded in severity to low
(from moderate) as sucessful exploitation of the race condition would
be difficult.
-
Update Released: 14th October 2005
-
Affects:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36
-
low:
PCRE overflow
CVE-2005-2491
An integer overflow flaw was found in PCRE, a Perl-compatible regular
expression library included within httpd. A local user who has the
ability to create .htaccess files could create a maliciously crafted
regular expression in such as way that they could gain the privileges
of a httpd child.
-
Update Released: 14th October 2005
-
Affects:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
low:
Malicious CRL off-by-one
CVE-2005-1268
An off-by-one stack overflow was discovered in the mod_ssl CRL
verification callback. In order to exploit this issue the Apache
server would need to be configured to use a malicious certificate
revocation list (CRL)
-
Update Released: 14th October 2005
-
Affects:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
moderate:
Byterange filter DoS
CVE-2005-2728
A flaw in the byterange filter would cause some responses to be buffered
into memory. If a server has a dynamic resource such as a CGI
script or PHP script which generates a large amount of data, an attacker
could send carefully crafted requests in order to consume resources,
potentially leading to a Denial of Service.
-
Update Released: 14th October 2005
-
Affects:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
moderate:
HTTP Request Spoofing
CVE-2005-2088
A flaw occured when using the Apache server as a HTTP proxy. A remote
attacker could send a HTTP request with both a "Transfer-Encoding:
chunked" header and a Content-Length header, causing Apache to
incorrectly handle and forward the body of the request in a way that
causes the receiving server to process it as a separate HTTP request.
This could allow the bypass of web application firewall protection or
lead to cross-site scripting (XSS) attacks.
-
Update Released: 14th October 2005
-
Affects:
2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.53
|
-
important:
Memory consumption DoS
CVE-2004-0942
An issue was discovered where the field length limit was not enforced
for certain malicious requests. This could allow a remote attacker who
is able to send large amounts of data to a server the ability to cause
Apache children to consume proportional amounts of memory, leading to
a denial of service.
-
Update Released: 8th February 2005
-
Affects:
2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
low:
mod_disk_cache stores sensitive headers
CVE-2004-1834
The experimental mod_disk_cache module stored client authentication
credentials for cached objects such as proxy authentication credentials
and Basic Authentication passwords on disk.
-
Update Released: 8th February 2005
-
Affects:
2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
moderate:
SSLCipherSuite bypass
CVE-2004-0885
An issue has been discovered in the mod_ssl module when configured to use
the "SSLCipherSuite" directive in directory or location context. If a
particular location context has been configured to require a specific set
of cipher suites, then a client will be able to access that location using
any cipher suite allowed by the virtual host configuration.
-
Update Released: 8th February 2005
-
Affects:
2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.52
|
-
important:
Basic authentication bypass
CVE-2004-0811
A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy
directive which could result in access being granted to
resources despite any configured authentication
-
Update Released: 28th September 2004
-
Affects:
2.0.51
|
Fixed in Apache httpd 2.0.51
|
-
critical:
IPv6 URI parsing heap overflow
CVE-2004-0786
Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
validation issue in the IPv6 URI parsing routines in the apr-util library.
If a remote attacker sent a request including a carefully crafted URI, an
httpd child process could be made to crash. One some BSD systems it
is believed this flaw may be able to lead to remote code execution.
-
Update Released: 15th September 2004
-
Affects:
2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
important:
SSL connection infinite loop
CVE-2004-0748
An issue was discovered in the mod_ssl module in Apache 2.0.
A remote attacker who forces an SSL connection to
be aborted in a particular state may cause an Apache child process to
enter an infinite loop, consuming CPU resources.
-
Update Released: 15th September 2004
-
Affects:
2.0.50, 2.0.49?, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?
-
low:
Environment variable expansion flaw
CVE-2004-0747
The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the
expansion of environment variables during configuration file parsing. This
issue could allow a local user to gain the privileges of a httpd
child if a server can be forced to parse a carefully crafted .htaccess file
written by a local user.
-
Update Released: 15th September 2004
-
Affects:
2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
low:
Malicious SSL proxy can cause crash
CVE-2004-0751
An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50
which could be triggered if
the server is configured to allow proxying to a remote SSL server. A
malicious remote SSL server could force an httpd child process to crash by
sending a carefully crafted response header. This issue is not believed to
allow execution of arbitrary code and will only result in a denial
of service where a threaded process model is in use.
-
Update Released: 15th September 2004
-
Affects:
2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44
-
low:
WebDAV remote crash
CVE-2004-0809
An issue was discovered in the mod_dav module which could be triggered
for a location where WebDAV authoring access has been configured. A
malicious remote client which is authorized to use the LOCK method
could force an httpd child process to crash by sending a particular
sequence of LOCK requests. This issue does not allow execution of
arbitrary code. and will only result in a denial of service where a
threaded process model is in use.
-
Update Released: 15th September 2004
-
Affects:
2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.50
|
-
important:
Header parsing memory leak
CVE-2004-0493
A memory leak in parsing of HTTP headers which can be triggered
remotely may allow a denial of service attack due to excessive memory
consumption.
-
Update Released: 1st July 2004
-
Affects:
2.0.49, 2.0.48?, 2.0.47?, 2.0.46?, 2.0.45?, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?
-
low:
FakeBasicAuth overflow
CVE-2004-0488
A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited
by an attacker using a (trusted) client certificate with a subject DN
field which exceeds 6K in length.
-
Update Released: 1st July 2004
-
Affects:
2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.49
|
-
important:
listening socket starvation
CVE-2004-0174
A starvation issue on listening sockets occurs when a short-lived
connection on a rarely-accessed listening socket will cause a child to
hold the accept mutex and block out new connections until another
connection arrives on that rarely-accessed listening socket. This
issue is known to affect some versions of AIX, Solaris, and Tru64; it
is known to not affect FreeBSD or Linux.
-
Update Released: 19th March 2004
-
Affects:
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
important:
mod_ssl memory leak
CVE-2004-0113
A memory leak in mod_ssl allows a remote denial of service attack
against an SSL-enabled server by sending plain HTTP requests to the
SSL port.
-
Update Released: 19th March 2004
-
Affects:
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
low:
Error log escape filtering
CVE-2003-0020
Apache does not filter terminal escape sequences from error logs,
which could make it easier for attackers to insert those sequences
into terminal emulators containing vulnerabilities related to escape
sequences.
-
Update Released: 19th March 2004
-
Affects:
2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.48
|
-
low:
Local configuration regular expression overflow
CVE-2003-0542
By using a regular expression with more than 9 captures a buffer
overflow can occur in mod_alias or mod_rewrite. To exploit this an
attacker would need to be able to create a carefully crafted configuration
file (.htaccess or httpd.conf)
-
Update Released: 27th October 2003
-
Affects:
2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
moderate:
CGI output information leak
CVE-2003-0789
A bug in mod_cgid mishandling of CGI redirect paths can result in
CGI output going to the wrong client when a threaded MPM
is used.
-
Update Released: 27th October 2003
-
Affects:
2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.47
|
-
important:
Remote DoS with multiple Listen directives
CVE-2003-0253
In a server with multiple listening sockets a certain error returned
by accept() on a rarely access port can cause a temporary denial of
service, due to a bug in the prefork MPM.
-
Update Released: 9th July 2003
-
Affects:
2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
low:
mod_ssl renegotiation issue
CVE-2003-0192
A bug in the optional renegotiation code in mod_ssl included with
Apache httpd can cause cipher suite restrictions to be ignored.
This is triggered if optional renegotiation is used (SSLOptions
+OptRenegotiate) along with verification of client certificates
and a change to the cipher suite over the renegotiation.
-
Update Released: 9th July 2003
-
Affects:
2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
moderate:
Remote DoS via IPv6 ftp proxy
CVE-2003-0254
When a client requests that proxy ftp connect to a ftp server with
IPv6 address, and the proxy is unable to create an IPv6 socket,
an infinite loop occurs causing a remote Denial of Service.
-
Update Released: 9th July 2003
-
Affects:
2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.46
|
-
critical:
APR remote crash
CVE-2003-0245
A vulnerability in the apr_psprintf function in the Apache Portable
Runtime (APR) library allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via long strings, as demonstrated using XML objects to
mod_dav, and possibly other vectors.
-
Update Released: 28th May 2003
-
Affects:
2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37
-
important:
Basic Authentication DoS
CVE-2003-0189
A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers
to cause a denial of access to authenticated content when a threaded
server is used.
-
Update Released: 28th May 2003
-
Affects:
2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40
-
important:
OS2 device name DoS
CVE-2003-0134
Apache on OS2 up to and including Apache 2.0.45
have a Denial of Service vulnerability caused by
device names.
-
Update Released: 28th May 2003
-
Affects:
2.0.45, 2.0.44?, 2.0.43?, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?
-
low:
Filtered escape sequences
CVE-2003-0083
Apache did not filter terminal escape sequences from its
access logs, which could make it easier for attackers to insert those
sequences into terminal emulators containing vulnerabilities related
to escape sequences.
-
Update Released: 2nd April 2004
-
Affects:
2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.45
|
-
important:
Line feed memory leak DoS
CVE-2003-0132
Apache 2.0 versions before Apache 2.0.45 had a significant Denial of
Service vulnerability. Remote attackers could cause a denial of service
(memory consumption) via large chunks of linefeed characters, which
causes Apache to allocate 80 bytes for each linefeed.
-
Update Released: 2nd April 2004
-
Affects:
2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.44
|
-
critical:
MS-DOS device name filtering
CVE-2003-0016
On Windows platforms Apache did not
correctly filter MS-DOS device names which
could lead to denial of service attacks or remote code execution.
-
Update Released: 20th January 2003
-
Affects:
2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?
-
important:
Apache can serve unexpected files
CVE-2003-0017
On Windows platforms Apache could be forced to serve unexpected files
by appending illegal characters such as '<' to the request URL
-
Update Released: 20th January 2003
-
Affects:
2.0.43, 2.0.42?, 2.0.40?, 2.0.39?, 2.0.37?, 2.0.36?, 2.0.35?
|
Fixed in Apache httpd 2.0.43
|
-
low:
Error page XSS using wildcard DNS
CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of
Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
UseCanonicalName is "Off" and support for wildcard DNS is present,
allows remote attackers to execute script as other web page visitors
via the Host: header.
-
Update Released: 3rd October 2002
-
Affects:
2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
-
moderate:
CGI scripts source revealed using WebDAV
CVE-2002-1156
In Apache 2.0.42 only, for a location where both WebDAV and CGI were
enabled, a POST request to a CGI script would reveal the CGI source to
a remote user.
-
Update Released: 3rd October 2002
-
Affects:
2.0.42
|
Fixed in Apache httpd 2.0.42
|
-
moderate:
mod_dav crash
CVE-2002-1593
A flaw was found in handling of versioning hooks in mod_dav. An attacker
could send a carefully crafted request in such a way to cause the child
process handling the connection to crash. This issue will only result
in a denial of service where a threaded process model is in use.
-
Update Released: 24th September 2002
-
Affects:
2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.40
|
-
important:
Path vulnerability
CVE-2002-0661
Certain URIs would bypass security
and allow users to invoke or access any file depending on the system
configuration. Affects Windows, OS2, Netware and Cygwin platforms
only.
-
Update Released: 9th August 2002
-
Affects:
2.0.39, 2.0.37, 2.0.36, 2.0.35
-
low:
Path revealing exposures
CVE-2002-0654
A path-revealing exposure was present in multiview type
map negotiation (such as the default error documents) where a
module would report the full path of the typemapped .var file when
multiple documents or no documents could be served.
Additionally a path-revealing exposure in cgi/cgid when Apache
fails to invoke a script. The modules would report "couldn't create
child process /path-to-script/script.pl" revealing the full path
of the script.
-
Update Released: 9th August 2002
-
Affects:
2.0.39, 2.0.37?, 2.0.36?, 2.0.35?
|
Fixed in Apache httpd 2.0.37
|
-
critical:
Apache Chunked encoding vulnerability
CVE-2002-0392
Malicious requests can cause various effects
ranging from a relatively harmless increase in
system resources through to denial of service attacks and in some
cases the ability to execute arbitrary remote code.
-
Update Released: 18th June 2002
-
Affects:
2.0.36, 2.0.35
|
Fixed in Apache httpd 2.0.36
|
-
low:
Warning messages could be displayed to users
CVE-2002-1592
In some cases warning messages could get returned to end users in
addition to being recorded in the error log. This could reveal the
path to a CGI script for example, a minor security exposure.
-
Update Released: 8th May 2002
-
Affects:
2.0.35
|
|