Search for packages
| purl | pkg:apache/httpd@1.3.26 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2x6x-awvc-aaab
Aliases: CVE-2002-0840 |
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. |
Affected by 15 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 55 other vulnerabilities. |
|
VCID-44gh-afxy-aaad
Aliases: CVE-2007-3304 |
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 54 other vulnerabilities. Affected by 54 other vulnerabilities. |
|
VCID-9ct1-1kcj-aaaa
Aliases: CVE-2003-0542 |
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. |
Affected by 15 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 46 other vulnerabilities. |
|
VCID-beah-u8vc-aaaq
Aliases: CVE-2006-3918 |
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. |
Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ftdm-put6-aaaf
Aliases: CVE-2007-5000 |
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-gvhx-tsvx-aaam
Aliases: CVE-2002-0843 |
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. |
Affected by 15 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-kjcr-z95a-aaae
Aliases: CVE-2007-6388 |
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-m4ax-6zsp-aaas
Aliases: CVE-2003-0020 |
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. |
Affected by 11 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 44 other vulnerabilities. |
|
VCID-ncrq-j3f7-aaag
Aliases: CVE-2010-0010 |
CVE-2010-0010 rhn-apache: buffer overflow via integer overflow vulnerability on 64bit platforms |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-ngus-6ra7-aaab
Aliases: CVE-2004-0492 |
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. |
Affected by 10 other vulnerabilities. |
|
VCID-nm2g-nz56-aaas
Aliases: CVE-2006-5752 |
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 54 other vulnerabilities. Affected by 54 other vulnerabilities. |
|
VCID-qpz8-ys7s-aaam
Aliases: CVE-2005-3352 |
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. |
Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities. |
|
VCID-w9jt-7rgt-aaaq
Aliases: CVE-2004-0940 |
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. |
Affected by 9 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-wyfa-5v5x-aaam
Aliases: CVE-2011-3368 |
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-xzrh-rhxk-aaar
Aliases: CVE-2003-0993 |
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. |
Affected by 11 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-z8wg-hvgz-aaae
Aliases: CVE-2003-0987 |
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. |
Affected by 11 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-zc9h-vtkn-aaah
Aliases: CVE-2002-0839 |
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. |
Affected by 15 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-jz2v-4k62-aaac | Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. |
CVE-2002-0392
|
| VCID-zrpf-ny12-aaak | Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. |
CVE-2003-0083
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T12:34:43.278723+00:00 | Apache HTTPD Importer | Affected by | VCID-wyfa-5v5x-aaam | https://httpd.apache.org/security/json/CVE-2011-3368.json | 36.0.0 |
| 2025-03-28T12:34:40.608613+00:00 | Apache HTTPD Importer | Affected by | VCID-ncrq-j3f7-aaag | https://httpd.apache.org/security/json/CVE-2010-0010.json | 36.0.0 |
| 2025-03-28T12:34:36.153880+00:00 | Apache HTTPD Importer | Affected by | VCID-kjcr-z95a-aaae | https://httpd.apache.org/security/json/CVE-2007-6388.json | 36.0.0 |
| 2025-03-28T12:34:35.384318+00:00 | Apache HTTPD Importer | Affected by | VCID-ftdm-put6-aaaf | https://httpd.apache.org/security/json/CVE-2007-5000.json | 36.0.0 |
| 2025-03-28T12:34:34.400646+00:00 | Apache HTTPD Importer | Affected by | VCID-44gh-afxy-aaad | https://httpd.apache.org/security/json/CVE-2007-3304.json | 36.0.0 |
| 2025-03-28T12:34:33.424447+00:00 | Apache HTTPD Importer | Affected by | VCID-nm2g-nz56-aaas | https://httpd.apache.org/security/json/CVE-2006-5752.json | 36.0.0 |
| 2025-03-28T12:34:33.292690+00:00 | Apache HTTPD Importer | Affected by | VCID-beah-u8vc-aaaq | https://httpd.apache.org/security/json/CVE-2006-3918.json | 36.0.0 |
| 2025-03-28T12:34:32.137068+00:00 | Apache HTTPD Importer | Affected by | VCID-qpz8-ys7s-aaam | https://httpd.apache.org/security/json/CVE-2005-3352.json | 36.0.0 |
| 2025-03-28T12:34:31.174166+00:00 | Apache HTTPD Importer | Affected by | VCID-w9jt-7rgt-aaaq | https://httpd.apache.org/security/json/CVE-2004-0940.json | 36.0.0 |
| 2025-03-28T12:34:30.586182+00:00 | Apache HTTPD Importer | Affected by | VCID-ngus-6ra7-aaab | https://httpd.apache.org/security/json/CVE-2004-0492.json | 36.0.0 |
| 2025-03-28T12:34:30.243426+00:00 | Apache HTTPD Importer | Affected by | VCID-xzrh-rhxk-aaar | https://httpd.apache.org/security/json/CVE-2003-0993.json | 36.0.0 |
| 2025-03-28T12:34:30.132406+00:00 | Apache HTTPD Importer | Affected by | VCID-z8wg-hvgz-aaae | https://httpd.apache.org/security/json/CVE-2003-0987.json | 36.0.0 |
| 2025-03-28T12:34:29.767391+00:00 | Apache HTTPD Importer | Affected by | VCID-9ct1-1kcj-aaaa | https://httpd.apache.org/security/json/CVE-2003-0542.json | 36.0.0 |
| 2025-03-28T12:34:29.182235+00:00 | Apache HTTPD Importer | Fixing | VCID-zrpf-ny12-aaak | https://httpd.apache.org/security/json/CVE-2003-0083.json | 36.0.0 |
| 2025-03-28T12:34:28.819811+00:00 | Apache HTTPD Importer | Affected by | VCID-m4ax-6zsp-aaas | https://httpd.apache.org/security/json/CVE-2003-0020.json | 36.0.0 |
| 2025-03-28T12:34:28.600709+00:00 | Apache HTTPD Importer | Affected by | VCID-gvhx-tsvx-aaam | https://httpd.apache.org/security/json/CVE-2002-0843.json | 36.0.0 |
| 2025-03-28T12:34:28.370781+00:00 | Apache HTTPD Importer | Affected by | VCID-2x6x-awvc-aaab | https://httpd.apache.org/security/json/CVE-2002-0840.json | 36.0.0 |
| 2025-03-28T12:34:28.272418+00:00 | Apache HTTPD Importer | Affected by | VCID-zc9h-vtkn-aaah | https://httpd.apache.org/security/json/CVE-2002-0839.json | 36.0.0 |
| 2025-03-28T12:34:28.042958+00:00 | Apache HTTPD Importer | Fixing | VCID-jz2v-4k62-aaac | https://httpd.apache.org/security/json/CVE-2002-0392.json | 36.0.0 |
| 2024-11-18T22:52:39.301862+00:00 | Apache HTTPD Importer | Affected by | VCID-wyfa-5v5x-aaam | https://httpd.apache.org/security/json/CVE-2011-3368.json | 34.3.2 |
| 2024-11-18T22:52:34.427497+00:00 | Apache HTTPD Importer | Affected by | VCID-ncrq-j3f7-aaag | https://httpd.apache.org/security/json/CVE-2010-0010.json | 34.3.2 |
| 2024-11-18T22:52:25.791950+00:00 | Apache HTTPD Importer | Affected by | VCID-kjcr-z95a-aaae | https://httpd.apache.org/security/json/CVE-2007-6388.json | 34.3.2 |
| 2024-11-18T22:52:24.635231+00:00 | Apache HTTPD Importer | Affected by | VCID-ftdm-put6-aaaf | https://httpd.apache.org/security/json/CVE-2007-5000.json | 34.3.2 |
| 2024-11-18T22:52:22.965968+00:00 | Apache HTTPD Importer | Affected by | VCID-44gh-afxy-aaad | https://httpd.apache.org/security/json/CVE-2007-3304.json | 34.3.2 |
| 2024-09-18T07:21:09.733338+00:00 | Apache HTTPD Importer | Affected by | VCID-nm2g-nz56-aaas | https://httpd.apache.org/security/json/CVE-2006-5752.json | 34.0.1 |
| 2024-09-18T07:21:09.601580+00:00 | Apache HTTPD Importer | Affected by | VCID-beah-u8vc-aaaq | https://httpd.apache.org/security/json/CVE-2006-3918.json | 34.0.1 |
| 2024-09-18T07:21:08.457976+00:00 | Apache HTTPD Importer | Affected by | VCID-qpz8-ys7s-aaam | https://httpd.apache.org/security/json/CVE-2005-3352.json | 34.0.1 |
| 2024-09-18T07:21:07.464300+00:00 | Apache HTTPD Importer | Affected by | VCID-w9jt-7rgt-aaaq | https://httpd.apache.org/security/json/CVE-2004-0940.json | 34.0.1 |
| 2024-09-18T07:21:06.848256+00:00 | Apache HTTPD Importer | Affected by | VCID-ngus-6ra7-aaab | https://httpd.apache.org/security/json/CVE-2004-0492.json | 34.0.1 |
| 2024-09-18T07:21:06.501802+00:00 | Apache HTTPD Importer | Affected by | VCID-xzrh-rhxk-aaar | https://httpd.apache.org/security/json/CVE-2003-0993.json | 34.0.1 |
| 2024-09-18T07:21:06.385779+00:00 | Apache HTTPD Importer | Affected by | VCID-z8wg-hvgz-aaae | https://httpd.apache.org/security/json/CVE-2003-0987.json | 34.0.1 |
| 2024-09-18T07:21:06.015348+00:00 | Apache HTTPD Importer | Affected by | VCID-9ct1-1kcj-aaaa | https://httpd.apache.org/security/json/CVE-2003-0542.json | 34.0.1 |
| 2024-09-18T07:21:05.433836+00:00 | Apache HTTPD Importer | Fixing | VCID-zrpf-ny12-aaak | https://httpd.apache.org/security/json/CVE-2003-0083.json | 34.0.1 |
| 2024-09-18T07:21:05.079289+00:00 | Apache HTTPD Importer | Affected by | VCID-m4ax-6zsp-aaas | https://httpd.apache.org/security/json/CVE-2003-0020.json | 34.0.1 |
| 2024-09-18T07:21:04.849456+00:00 | Apache HTTPD Importer | Affected by | VCID-gvhx-tsvx-aaam | https://httpd.apache.org/security/json/CVE-2002-0843.json | 34.0.1 |
| 2024-09-18T07:21:04.610362+00:00 | Apache HTTPD Importer | Affected by | VCID-2x6x-awvc-aaab | https://httpd.apache.org/security/json/CVE-2002-0840.json | 34.0.1 |
| 2024-09-18T07:21:04.507801+00:00 | Apache HTTPD Importer | Affected by | VCID-zc9h-vtkn-aaah | https://httpd.apache.org/security/json/CVE-2002-0839.json | 34.0.1 |
| 2024-09-18T07:21:04.265549+00:00 | Apache HTTPD Importer | Fixing | VCID-jz2v-4k62-aaac | https://httpd.apache.org/security/json/CVE-2002-0392.json | 34.0.1 |
| 2024-01-04T01:33:30.300809+00:00 | Apache HTTPD Importer | Affected by | VCID-wyfa-5v5x-aaam | https://httpd.apache.org/security/json/CVE-2011-3368.json | 34.0.0rc1 |
| 2024-01-04T01:33:27.721695+00:00 | Apache HTTPD Importer | Affected by | VCID-ncrq-j3f7-aaag | https://httpd.apache.org/security/json/CVE-2010-0010.json | 34.0.0rc1 |
| 2024-01-04T01:33:23.429479+00:00 | Apache HTTPD Importer | Affected by | VCID-kjcr-z95a-aaae | https://httpd.apache.org/security/json/CVE-2007-6388.json | 34.0.0rc1 |
| 2024-01-04T01:33:22.700639+00:00 | Apache HTTPD Importer | Affected by | VCID-ftdm-put6-aaaf | https://httpd.apache.org/security/json/CVE-2007-5000.json | 34.0.0rc1 |
| 2024-01-04T01:33:21.754806+00:00 | Apache HTTPD Importer | Affected by | VCID-44gh-afxy-aaad | https://httpd.apache.org/security/json/CVE-2007-3304.json | 34.0.0rc1 |
| 2024-01-04T01:33:20.821966+00:00 | Apache HTTPD Importer | Affected by | VCID-nm2g-nz56-aaas | https://httpd.apache.org/security/json/CVE-2006-5752.json | 34.0.0rc1 |
| 2024-01-04T01:33:20.692550+00:00 | Apache HTTPD Importer | Affected by | VCID-beah-u8vc-aaaq | https://httpd.apache.org/security/json/CVE-2006-3918.json | 34.0.0rc1 |
| 2024-01-04T01:33:19.596457+00:00 | Apache HTTPD Importer | Affected by | VCID-qpz8-ys7s-aaam | https://httpd.apache.org/security/json/CVE-2005-3352.json | 34.0.0rc1 |
| 2024-01-04T01:33:18.671363+00:00 | Apache HTTPD Importer | Affected by | VCID-w9jt-7rgt-aaaq | https://httpd.apache.org/security/json/CVE-2004-0940.json | 34.0.0rc1 |
| 2024-01-04T01:33:18.089741+00:00 | Apache HTTPD Importer | Affected by | VCID-ngus-6ra7-aaab | https://httpd.apache.org/security/json/CVE-2004-0492.json | 34.0.0rc1 |
| 2024-01-04T01:33:17.761308+00:00 | Apache HTTPD Importer | Affected by | VCID-xzrh-rhxk-aaar | https://httpd.apache.org/security/json/CVE-2003-0993.json | 34.0.0rc1 |
| 2024-01-04T01:33:17.651378+00:00 | Apache HTTPD Importer | Affected by | VCID-z8wg-hvgz-aaae | https://httpd.apache.org/security/json/CVE-2003-0987.json | 34.0.0rc1 |
| 2024-01-04T01:33:17.266740+00:00 | Apache HTTPD Importer | Affected by | VCID-9ct1-1kcj-aaaa | https://httpd.apache.org/security/json/CVE-2003-0542.json | 34.0.0rc1 |
| 2024-01-04T01:33:16.651334+00:00 | Apache HTTPD Importer | Fixing | VCID-zrpf-ny12-aaak | https://httpd.apache.org/security/json/CVE-2003-0083.json | 34.0.0rc1 |
| 2024-01-04T01:33:16.306009+00:00 | Apache HTTPD Importer | Affected by | VCID-m4ax-6zsp-aaas | https://httpd.apache.org/security/json/CVE-2003-0020.json | 34.0.0rc1 |
| 2024-01-04T01:33:16.069696+00:00 | Apache HTTPD Importer | Affected by | VCID-gvhx-tsvx-aaam | https://httpd.apache.org/security/json/CVE-2002-0843.json | 34.0.0rc1 |
| 2024-01-04T01:33:15.849214+00:00 | Apache HTTPD Importer | Affected by | VCID-2x6x-awvc-aaab | https://httpd.apache.org/security/json/CVE-2002-0840.json | 34.0.0rc1 |
| 2024-01-04T01:33:15.752804+00:00 | Apache HTTPD Importer | Affected by | VCID-zc9h-vtkn-aaah | https://httpd.apache.org/security/json/CVE-2002-0839.json | 34.0.0rc1 |
| 2024-01-04T01:33:15.527621+00:00 | Apache HTTPD Importer | Fixing | VCID-jz2v-4k62-aaac | https://httpd.apache.org/security/json/CVE-2002-0392.json | 34.0.0rc1 |