Search for packages
| purl | pkg:apache/httpd@1.3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2x6x-awvc-aaab
Aliases: CVE-2002-0840 |
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 15 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 55 other vulnerabilities. |
|
VCID-44gh-afxy-aaad
Aliases: CVE-2007-3304 |
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 54 other vulnerabilities. Affected by 54 other vulnerabilities. |
|
VCID-9ct1-1kcj-aaaa
Aliases: CVE-2003-0542 |
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 15 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 46 other vulnerabilities. |
|
VCID-ftdm-put6-aaaf
Aliases: CVE-2007-5000 |
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-gvhx-tsvx-aaam
Aliases: CVE-2002-0843 |
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 15 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-jz2v-4k62-aaac
Aliases: CVE-2002-0392 |
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 55 other vulnerabilities. |
|
VCID-m4ax-6zsp-aaas
Aliases: CVE-2003-0020 |
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 44 other vulnerabilities. |
|
VCID-qpz8-ys7s-aaam
Aliases: CVE-2005-3352 |
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities. |
|
VCID-w9jt-7rgt-aaaq
Aliases: CVE-2004-0940 |
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-xmh3-4cny-aaah
Aliases: CVE-1999-1199 |
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. |
Affected by 19 other vulnerabilities. |
|
VCID-xuv4-91c9-aaad
Aliases: CVE-2001-0730 |
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-xzrh-rhxk-aaar
Aliases: CVE-2003-0993 |
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-z8jb-gzdv-aaab
Aliases: CVE-2000-1205 |
Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-z8wg-hvgz-aaae
Aliases: CVE-2003-0987 |
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-zc9h-vtkn-aaah
Aliases: CVE-2002-0839 |
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 15 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-zrpf-ny12-aaak
Aliases: CVE-2003-0083 |
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 51 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T12:34:35.315610+00:00 | Apache HTTPD Importer | Affected by | VCID-ftdm-put6-aaaf | https://httpd.apache.org/security/json/CVE-2007-5000.json | 36.0.0 |
| 2025-03-28T12:34:34.332365+00:00 | Apache HTTPD Importer | Affected by | VCID-44gh-afxy-aaad | https://httpd.apache.org/security/json/CVE-2007-3304.json | 36.0.0 |
| 2025-03-28T12:34:32.068225+00:00 | Apache HTTPD Importer | Affected by | VCID-qpz8-ys7s-aaam | https://httpd.apache.org/security/json/CVE-2005-3352.json | 36.0.0 |
| 2025-03-28T12:34:31.103606+00:00 | Apache HTTPD Importer | Affected by | VCID-w9jt-7rgt-aaaq | https://httpd.apache.org/security/json/CVE-2004-0940.json | 36.0.0 |
| 2025-03-28T12:34:30.175020+00:00 | Apache HTTPD Importer | Affected by | VCID-xzrh-rhxk-aaar | https://httpd.apache.org/security/json/CVE-2003-0993.json | 36.0.0 |
| 2025-03-28T12:34:30.063852+00:00 | Apache HTTPD Importer | Affected by | VCID-z8wg-hvgz-aaae | https://httpd.apache.org/security/json/CVE-2003-0987.json | 36.0.0 |
| 2025-03-28T12:34:29.698866+00:00 | Apache HTTPD Importer | Affected by | VCID-9ct1-1kcj-aaaa | https://httpd.apache.org/security/json/CVE-2003-0542.json | 36.0.0 |
| 2025-03-28T12:34:29.069268+00:00 | Apache HTTPD Importer | Affected by | VCID-zrpf-ny12-aaak | https://httpd.apache.org/security/json/CVE-2003-0083.json | 36.0.0 |
| 2025-03-28T12:34:28.751256+00:00 | Apache HTTPD Importer | Affected by | VCID-m4ax-6zsp-aaas | https://httpd.apache.org/security/json/CVE-2003-0020.json | 36.0.0 |
| 2025-03-28T12:34:28.532565+00:00 | Apache HTTPD Importer | Affected by | VCID-gvhx-tsvx-aaam | https://httpd.apache.org/security/json/CVE-2002-0843.json | 36.0.0 |
| 2025-03-28T12:34:28.302089+00:00 | Apache HTTPD Importer | Affected by | VCID-2x6x-awvc-aaab | https://httpd.apache.org/security/json/CVE-2002-0840.json | 36.0.0 |
| 2025-03-28T12:34:28.204218+00:00 | Apache HTTPD Importer | Affected by | VCID-zc9h-vtkn-aaah | https://httpd.apache.org/security/json/CVE-2002-0839.json | 36.0.0 |
| 2025-03-28T12:34:27.955252+00:00 | Apache HTTPD Importer | Affected by | VCID-jz2v-4k62-aaac | https://httpd.apache.org/security/json/CVE-2002-0392.json | 36.0.0 |
| 2025-03-28T12:34:27.785769+00:00 | Apache HTTPD Importer | Affected by | VCID-xuv4-91c9-aaad | https://httpd.apache.org/security/json/CVE-2001-0730.json | 36.0.0 |
| 2025-03-28T12:34:27.689578+00:00 | Apache HTTPD Importer | Affected by | VCID-z8jb-gzdv-aaab | https://httpd.apache.org/security/json/CVE-2000-1205.json | 36.0.0 |
| 2025-03-28T12:34:27.590034+00:00 | Apache HTTPD Importer | Affected by | VCID-xmh3-4cny-aaah | https://httpd.apache.org/security/json/CVE-1999-1199.json | 36.0.0 |
| 2024-11-18T22:52:24.565975+00:00 | Apache HTTPD Importer | Affected by | VCID-ftdm-put6-aaaf | https://httpd.apache.org/security/json/CVE-2007-5000.json | 34.3.2 |
| 2024-11-18T22:52:22.899715+00:00 | Apache HTTPD Importer | Affected by | VCID-44gh-afxy-aaad | https://httpd.apache.org/security/json/CVE-2007-3304.json | 34.3.2 |
| 2024-09-18T07:21:08.391691+00:00 | Apache HTTPD Importer | Affected by | VCID-qpz8-ys7s-aaam | https://httpd.apache.org/security/json/CVE-2005-3352.json | 34.0.1 |
| 2024-09-18T07:21:07.392744+00:00 | Apache HTTPD Importer | Affected by | VCID-w9jt-7rgt-aaaq | https://httpd.apache.org/security/json/CVE-2004-0940.json | 34.0.1 |
| 2024-09-18T07:21:06.433764+00:00 | Apache HTTPD Importer | Affected by | VCID-xzrh-rhxk-aaar | https://httpd.apache.org/security/json/CVE-2003-0993.json | 34.0.1 |
| 2024-09-18T07:21:06.317313+00:00 | Apache HTTPD Importer | Affected by | VCID-z8wg-hvgz-aaae | https://httpd.apache.org/security/json/CVE-2003-0987.json | 34.0.1 |
| 2024-09-18T07:21:05.947481+00:00 | Apache HTTPD Importer | Affected by | VCID-9ct1-1kcj-aaaa | https://httpd.apache.org/security/json/CVE-2003-0542.json | 34.0.1 |
| 2024-09-18T07:21:05.319778+00:00 | Apache HTTPD Importer | Affected by | VCID-zrpf-ny12-aaak | https://httpd.apache.org/security/json/CVE-2003-0083.json | 34.0.1 |
| 2024-09-18T07:21:05.011333+00:00 | Apache HTTPD Importer | Affected by | VCID-m4ax-6zsp-aaas | https://httpd.apache.org/security/json/CVE-2003-0020.json | 34.0.1 |
| 2024-09-18T07:21:04.781344+00:00 | Apache HTTPD Importer | Affected by | VCID-gvhx-tsvx-aaam | https://httpd.apache.org/security/json/CVE-2002-0843.json | 34.0.1 |
| 2024-09-18T07:21:04.541815+00:00 | Apache HTTPD Importer | Affected by | VCID-2x6x-awvc-aaab | https://httpd.apache.org/security/json/CVE-2002-0840.json | 34.0.1 |
| 2024-09-18T07:21:04.436890+00:00 | Apache HTTPD Importer | Affected by | VCID-zc9h-vtkn-aaah | https://httpd.apache.org/security/json/CVE-2002-0839.json | 34.0.1 |
| 2024-09-18T07:21:04.183449+00:00 | Apache HTTPD Importer | Affected by | VCID-jz2v-4k62-aaac | https://httpd.apache.org/security/json/CVE-2002-0392.json | 34.0.1 |
| 2024-09-18T07:21:03.992567+00:00 | Apache HTTPD Importer | Affected by | VCID-xuv4-91c9-aaad | https://httpd.apache.org/security/json/CVE-2001-0730.json | 34.0.1 |
| 2024-09-18T07:21:03.885677+00:00 | Apache HTTPD Importer | Affected by | VCID-z8jb-gzdv-aaab | https://httpd.apache.org/security/json/CVE-2000-1205.json | 34.0.1 |
| 2024-09-18T07:21:03.769270+00:00 | Apache HTTPD Importer | Affected by | VCID-xmh3-4cny-aaah | https://httpd.apache.org/security/json/CVE-1999-1199.json | 34.0.1 |
| 2024-01-04T01:33:22.634588+00:00 | Apache HTTPD Importer | Affected by | VCID-ftdm-put6-aaaf | https://httpd.apache.org/security/json/CVE-2007-5000.json | 34.0.0rc1 |
| 2024-01-04T01:33:21.688265+00:00 | Apache HTTPD Importer | Affected by | VCID-44gh-afxy-aaad | https://httpd.apache.org/security/json/CVE-2007-3304.json | 34.0.0rc1 |
| 2024-01-04T01:33:19.529265+00:00 | Apache HTTPD Importer | Affected by | VCID-qpz8-ys7s-aaam | https://httpd.apache.org/security/json/CVE-2005-3352.json | 34.0.0rc1 |
| 2024-01-04T01:33:18.605393+00:00 | Apache HTTPD Importer | Affected by | VCID-w9jt-7rgt-aaaq | https://httpd.apache.org/security/json/CVE-2004-0940.json | 34.0.0rc1 |
| 2024-01-04T01:33:17.695228+00:00 | Apache HTTPD Importer | Affected by | VCID-xzrh-rhxk-aaar | https://httpd.apache.org/security/json/CVE-2003-0993.json | 34.0.0rc1 |
| 2024-01-04T01:33:17.581998+00:00 | Apache HTTPD Importer | Affected by | VCID-z8wg-hvgz-aaae | https://httpd.apache.org/security/json/CVE-2003-0987.json | 34.0.0rc1 |
| 2024-01-04T01:33:17.197951+00:00 | Apache HTTPD Importer | Affected by | VCID-9ct1-1kcj-aaaa | https://httpd.apache.org/security/json/CVE-2003-0542.json | 34.0.0rc1 |
| 2024-01-04T01:33:16.543569+00:00 | Apache HTTPD Importer | Affected by | VCID-zrpf-ny12-aaak | https://httpd.apache.org/security/json/CVE-2003-0083.json | 34.0.0rc1 |
| 2024-01-04T01:33:16.239930+00:00 | Apache HTTPD Importer | Affected by | VCID-m4ax-6zsp-aaas | https://httpd.apache.org/security/json/CVE-2003-0020.json | 34.0.0rc1 |
| 2024-01-04T01:33:16.004360+00:00 | Apache HTTPD Importer | Affected by | VCID-gvhx-tsvx-aaam | https://httpd.apache.org/security/json/CVE-2002-0843.json | 34.0.0rc1 |
| 2024-01-04T01:33:15.783279+00:00 | Apache HTTPD Importer | Affected by | VCID-2x6x-awvc-aaab | https://httpd.apache.org/security/json/CVE-2002-0840.json | 34.0.0rc1 |
| 2024-01-04T01:33:15.687232+00:00 | Apache HTTPD Importer | Affected by | VCID-zc9h-vtkn-aaah | https://httpd.apache.org/security/json/CVE-2002-0839.json | 34.0.0rc1 |
| 2024-01-04T01:33:15.452765+00:00 | Apache HTTPD Importer | Affected by | VCID-jz2v-4k62-aaac | https://httpd.apache.org/security/json/CVE-2002-0392.json | 34.0.0rc1 |
| 2024-01-04T01:33:15.264296+00:00 | Apache HTTPD Importer | Affected by | VCID-xuv4-91c9-aaad | https://httpd.apache.org/security/json/CVE-2001-0730.json | 34.0.0rc1 |
| 2024-01-04T01:33:15.154396+00:00 | Apache HTTPD Importer | Affected by | VCID-z8jb-gzdv-aaab | https://httpd.apache.org/security/json/CVE-2000-1205.json | 34.0.0rc1 |
| 2024-01-04T01:33:15.045873+00:00 | Apache HTTPD Importer | Affected by | VCID-xmh3-4cny-aaah | https://httpd.apache.org/security/json/CVE-1999-1199.json | 34.0.0rc1 |