Search for packages
| purl | pkg:apache/httpd@1.3.31 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-123w-f3zc-37d9
Aliases: CVE-2010-0010 |
An incorrect conversion between numeric types flaw was found in the mod_proxy module which affects some 64-bit architecture systems. A malicious HTTP server to which requests are being proxied could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted response. |
Affected by 1 other vulnerability. |
|
VCID-dqkp-f1my-dbg9
Aliases: CVE-2007-5000 |
A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible. |
Affected by 2 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-j3mb-97k1-uuh9
Aliases: CVE-2006-5752 |
A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available. |
Affected by 4 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 54 other vulnerabilities. |
|
VCID-kcwg-hswv-2uf7
Aliases: CVE-2005-3352 |
A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers. |
Affected by 7 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 59 other vulnerabilities. |
|
VCID-kgpj-aexq-7kah
Aliases: CVE-2007-6388 |
A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available. |
Affected by 2 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-me4r-1qb6-dqdf
Aliases: CVE-2006-3918 |
A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header which can trigger this flaw. Not marked as a security issue for 2.0 or 2.2 as the cross-site scripting is only returned to the victim after the server times out a connection. |
Affected by 7 other vulnerabilities. |
|
VCID-prd8-51a5-pygj
Aliases: CVE-2011-3368 |
An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. No update of 1.3 will be released. Patches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/ |
Affected by 0 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-qf2e-kgxk-pkhc
Aliases: CVE-2006-3747 |
An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. |
Affected by 6 other vulnerabilities. Affected by 26 other vulnerabilities. Affected by 58 other vulnerabilities. |
|
VCID-srxw-jjvr-p3d5
Aliases: CVE-2007-3304 |
The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service. |
Affected by 4 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 54 other vulnerabilities. |
|
VCID-x89d-7t1q-skcx
Aliases: CVE-2004-0492 |
A buffer overflow was found in the Apache proxy module, mod_proxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue an attacker would need to get an Apache installation that was configured as a proxy to connect to a malicious site. This would cause the Apache child processing the request to crash, although this does not represent a significant Denial of Service attack as requests will continue to be handled by other Apache child processes. This issue may lead to remote arbitrary code execution on some BSD platforms. |
Affected by 10 other vulnerabilities. |
|
VCID-zn9e-rcpj-yuax
Aliases: CVE-2004-0940 |
A buffer overflow in mod_include could allow a local user who is authorised to create server side include (SSI) files to gain the privileges of a httpd child. |
Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3m9y-maes-5ycp | Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. |
CVE-2003-0020
|
| VCID-9xk2-as1c-7kd2 | A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect some versions of AIX, Solaris, and Tru64; it is known to not affect FreeBSD or Linux. |
CVE-2004-0174
|
| VCID-e2sp-bna5-mqb6 | A bug in the parsing of Allow/Deny rules using IP addresses without a netmask on big-endian 64-bit platforms causes the rules to fail to match. |
CVE-2003-0993
|
| VCID-ug4a-zxkg-cbew | mod_digest does not properly verify the nonce of a client response by using a AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5 Digest Authentication specification which is known not to work with modern browsers. This issue does not affect mod_auth_digest. |
CVE-2003-0987
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:36:17.549259+00:00 | Apache HTTPD Importer | Affected by | VCID-prd8-51a5-pygj | https://httpd.apache.org/security/json/CVE-2011-3368.json | 38.0.0 |
| 2026-04-01T12:36:16.563970+00:00 | Apache HTTPD Importer | Affected by | VCID-123w-f3zc-37d9 | https://httpd.apache.org/security/json/CVE-2010-0010.json | 38.0.0 |
| 2026-04-01T12:36:14.860580+00:00 | Apache HTTPD Importer | Affected by | VCID-kgpj-aexq-7kah | https://httpd.apache.org/security/json/CVE-2007-6388.json | 38.0.0 |
| 2026-04-01T12:36:14.605162+00:00 | Apache HTTPD Importer | Affected by | VCID-dqkp-f1my-dbg9 | https://httpd.apache.org/security/json/CVE-2007-5000.json | 38.0.0 |
| 2026-04-01T12:36:14.250863+00:00 | Apache HTTPD Importer | Affected by | VCID-srxw-jjvr-p3d5 | https://httpd.apache.org/security/json/CVE-2007-3304.json | 38.0.0 |
| 2026-04-01T12:36:13.886591+00:00 | Apache HTTPD Importer | Affected by | VCID-j3mb-97k1-uuh9 | https://httpd.apache.org/security/json/CVE-2006-5752.json | 38.0.0 |
| 2026-04-01T12:36:13.834171+00:00 | Apache HTTPD Importer | Affected by | VCID-me4r-1qb6-dqdf | https://httpd.apache.org/security/json/CVE-2006-3918.json | 38.0.0 |
| 2026-04-01T12:36:13.692655+00:00 | Apache HTTPD Importer | Affected by | VCID-qf2e-kgxk-pkhc | https://httpd.apache.org/security/json/CVE-2006-3747.json | 38.0.0 |
| 2026-04-01T12:36:13.439374+00:00 | Apache HTTPD Importer | Affected by | VCID-kcwg-hswv-2uf7 | https://httpd.apache.org/security/json/CVE-2005-3352.json | 38.0.0 |
| 2026-04-01T12:36:13.015740+00:00 | Apache HTTPD Importer | Affected by | VCID-zn9e-rcpj-yuax | https://httpd.apache.org/security/json/CVE-2004-0940.json | 38.0.0 |
| 2026-04-01T12:36:12.732573+00:00 | Apache HTTPD Importer | Affected by | VCID-x89d-7t1q-skcx | https://httpd.apache.org/security/json/CVE-2004-0492.json | 38.0.0 |
| 2026-04-01T12:36:12.641236+00:00 | Apache HTTPD Importer | Fixing | VCID-9xk2-as1c-7kd2 | https://httpd.apache.org/security/json/CVE-2004-0174.json | 38.0.0 |
| 2026-04-01T12:36:12.563625+00:00 | Apache HTTPD Importer | Fixing | VCID-e2sp-bna5-mqb6 | https://httpd.apache.org/security/json/CVE-2003-0993.json | 38.0.0 |
| 2026-04-01T12:36:12.515885+00:00 | Apache HTTPD Importer | Fixing | VCID-ug4a-zxkg-cbew | https://httpd.apache.org/security/json/CVE-2003-0987.json | 38.0.0 |
| 2026-04-01T12:36:11.958618+00:00 | Apache HTTPD Importer | Fixing | VCID-3m9y-maes-5ycp | https://httpd.apache.org/security/json/CVE-2003-0020.json | 38.0.0 |