Search for packages
| purl | pkg:apache/httpd@1.3.9 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-18fr-y5a4-mbej
Aliases: CVE-2003-0993 |
A bug in the parsing of Allow/Deny rules using IP addresses without a netmask on big-endian 64-bit platforms causes the rules to fail to match. |
Affected by 11 other vulnerabilities. |
|
VCID-25s8-2u66-q7hw
Aliases: CVE-2000-1206 |
A security problem can occur for sites using mass name-based virtual hosting (using the new mod_vhost_alias module) or with special mod_rewrite rules. |
Affected by 22 other vulnerabilities. |
|
VCID-3c9u-faw7-bufn
Aliases: CVE-2000-1204 |
A security problem for users of the mass virtual hosting module, mod_vhost_alias, causes the source to a CGI to be sent if the cgi-bin directory is under the document root. However, it is not normal to have your cgi-bin directory under a document root. |
Affected by 20 other vulnerabilities. |
|
VCID-3jwr-1p7h-6ybs
Aliases: CVE-2006-3918 |
A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header which can trigger this flaw. Not marked as a security issue for 2.0 or 2.2 as the cross-site scripting is only returned to the victim after the server times out a connection. |
Affected by 7 other vulnerabilities. |
|
VCID-786n-h8ud-vkf7
Aliases: CVE-2010-0010 |
An incorrect conversion between numeric types flaw was found in the mod_proxy module which affects some 64-bit architecture systems. A malicious HTTP server to which requests are being proxied could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted response. |
Affected by 1 other vulnerability. |
|
VCID-8rr4-7xg6-8bfk
Aliases: CVE-2006-5752 |
A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available. |
Affected by 4 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 54 other vulnerabilities. |
|
VCID-97td-xrye-b3en
Aliases: CVE-2002-0392 |
Malicious requests can cause various effects ranging from a relatively harmless increase in system resources through to denial of service attacks and in some cases the ability to execute arbitrary remote code. |
Affected by 17 other vulnerabilities. Affected by 55 other vulnerabilities. |
|
VCID-cnyy-7wjk-z3gy
Aliases: CVE-2002-0843 |
Buffer overflows in the benchmarking utility ab could be exploited if ab is run against a malicious server |
Affected by 15 other vulnerabilities. |
|
VCID-erjx-arjg-2kfa
Aliases: CVE-2001-0730 |
A vulnerability was found in the split-logfile support program. A request with a specially crafted Host: header could allow any file with a .log extension on the system to be written to. |
Affected by 19 other vulnerabilities. |
|
VCID-ffwk-1yj1-17f9
Aliases: CVE-2004-0940 |
A buffer overflow in mod_include could allow a local user who is authorised to create server side include (SSI) files to gain the privileges of a httpd child. |
Affected by 9 other vulnerabilities. |
|
VCID-fw17-kr1h-ufb8
Aliases: CVE-2000-1205 |
Apache was vulnerable to cross site scripting issues. It was shown that malicious HTML tags can be embedded in client web requests if the server or script handling the request does not carefully encode all information displayed to the user. Using these vulnerabilities attackers could, for example, obtain copies of your private cookies used to authenticate you to other sites. |
Affected by 23 other vulnerabilities. |
|
VCID-g2dz-n5yc-eua6
Aliases: CVE-2007-6388 |
A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available. |
Affected by 2 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-jnrv-wuh9-47ek
Aliases: CVE-2002-0840 |
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header. |
Affected by 15 other vulnerabilities. Affected by 55 other vulnerabilities. |
|
VCID-jv33-5dmr-kufx
Aliases: CVE-2003-0542 |
By using a regular expression with more than 9 captures a buffer overflow can occur in mod_alias or mod_rewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file (.htaccess or httpd.conf) |
Affected by 15 other vulnerabilities. Affected by 46 other vulnerabilities. |
|
VCID-jyex-1hdd-fyat
Aliases: CVE-2003-0083 |
Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. |
Affected by 17 other vulnerabilities. Affected by 51 other vulnerabilities. |
|
VCID-nq6v-nvbf-zfda
Aliases: CVE-2007-5000 |
A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible. |
Affected by 2 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 49 other vulnerabilities. |
|
VCID-p8nf-g1ca-2kdr
Aliases: CVE-2003-0987 |
mod_digest does not properly verify the nonce of a client response by using a AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5 Digest Authentication specification which is known not to work with modern browsers. This issue does not affect mod_auth_digest. |
Affected by 11 other vulnerabilities. |
|
VCID-qcwv-72d2-c3cy
Aliases: CVE-2007-3304 |
The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service. |
Affected by 4 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 54 other vulnerabilities. |
|
VCID-qmyf-1sgn-dbf2
Aliases: CVE-2003-0020 |
Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. |
Affected by 11 other vulnerabilities. Affected by 44 other vulnerabilities. |
|
VCID-shmb-1ncq-wbgp
Aliases: CVE-2005-3352 |
A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers. |
Affected by 7 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 59 other vulnerabilities. |
|
VCID-wawt-34hd-wbgq
Aliases: CVE-2002-0839 |
The permissions of the shared memory used for the scoreboard allows an attacker who can execute under the Apache UID to send a signal to any process as root or cause a local denial of service attack. |
Affected by 15 other vulnerabilities. |
|
VCID-z7xa-vrkn-t3bj
Aliases: CVE-2011-3368 |
An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. No update of 1.3 will be released. Patches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/ |
Affected by 0 other vulnerabilities. Affected by 21 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-31T08:28:54.398827+00:00 | Apache HTTPD Importer | Affected by | VCID-z7xa-vrkn-t3bj | https://httpd.apache.org/security/json/CVE-2011-3368.json | 37.0.0 |
| 2025-07-31T08:28:51.781299+00:00 | Apache HTTPD Importer | Affected by | VCID-786n-h8ud-vkf7 | https://httpd.apache.org/security/json/CVE-2010-0010.json | 37.0.0 |
| 2025-07-31T08:28:47.464066+00:00 | Apache HTTPD Importer | Affected by | VCID-g2dz-n5yc-eua6 | https://httpd.apache.org/security/json/CVE-2007-6388.json | 37.0.0 |
| 2025-07-31T08:28:46.776876+00:00 | Apache HTTPD Importer | Affected by | VCID-nq6v-nvbf-zfda | https://httpd.apache.org/security/json/CVE-2007-5000.json | 37.0.0 |
| 2025-07-31T08:28:45.833710+00:00 | Apache HTTPD Importer | Affected by | VCID-qcwv-72d2-c3cy | https://httpd.apache.org/security/json/CVE-2007-3304.json | 37.0.0 |
| 2025-07-31T08:28:44.896774+00:00 | Apache HTTPD Importer | Affected by | VCID-8rr4-7xg6-8bfk | https://httpd.apache.org/security/json/CVE-2006-5752.json | 37.0.0 |
| 2025-07-31T08:28:44.697442+00:00 | Apache HTTPD Importer | Affected by | VCID-3jwr-1p7h-6ybs | https://httpd.apache.org/security/json/CVE-2006-3918.json | 37.0.0 |
| 2025-07-31T08:28:43.649076+00:00 | Apache HTTPD Importer | Affected by | VCID-shmb-1ncq-wbgp | https://httpd.apache.org/security/json/CVE-2005-3352.json | 37.0.0 |
| 2025-07-31T08:28:42.634934+00:00 | Apache HTTPD Importer | Affected by | VCID-ffwk-1yj1-17f9 | https://httpd.apache.org/security/json/CVE-2004-0940.json | 37.0.0 |
| 2025-07-31T08:28:41.595283+00:00 | Apache HTTPD Importer | Affected by | VCID-18fr-y5a4-mbej | https://httpd.apache.org/security/json/CVE-2003-0993.json | 37.0.0 |
| 2025-07-31T08:28:41.475946+00:00 | Apache HTTPD Importer | Affected by | VCID-p8nf-g1ca-2kdr | https://httpd.apache.org/security/json/CVE-2003-0987.json | 37.0.0 |
| 2025-07-31T08:28:41.122634+00:00 | Apache HTTPD Importer | Affected by | VCID-jv33-5dmr-kufx | https://httpd.apache.org/security/json/CVE-2003-0542.json | 37.0.0 |
| 2025-07-31T08:28:40.427184+00:00 | Apache HTTPD Importer | Affected by | VCID-jyex-1hdd-fyat | https://httpd.apache.org/security/json/CVE-2003-0083.json | 37.0.0 |
| 2025-07-31T08:28:40.119014+00:00 | Apache HTTPD Importer | Affected by | VCID-qmyf-1sgn-dbf2 | https://httpd.apache.org/security/json/CVE-2003-0020.json | 37.0.0 |
| 2025-07-31T08:28:39.839592+00:00 | Apache HTTPD Importer | Affected by | VCID-cnyy-7wjk-z3gy | https://httpd.apache.org/security/json/CVE-2002-0843.json | 37.0.0 |
| 2025-07-31T08:28:39.616988+00:00 | Apache HTTPD Importer | Affected by | VCID-jnrv-wuh9-47ek | https://httpd.apache.org/security/json/CVE-2002-0840.json | 37.0.0 |
| 2025-07-31T08:28:39.511657+00:00 | Apache HTTPD Importer | Affected by | VCID-wawt-34hd-wbgq | https://httpd.apache.org/security/json/CVE-2002-0839.json | 37.0.0 |
| 2025-07-31T08:28:39.256548+00:00 | Apache HTTPD Importer | Affected by | VCID-97td-xrye-b3en | https://httpd.apache.org/security/json/CVE-2002-0392.json | 37.0.0 |
| 2025-07-31T08:28:39.033231+00:00 | Apache HTTPD Importer | Affected by | VCID-erjx-arjg-2kfa | https://httpd.apache.org/security/json/CVE-2001-0730.json | 37.0.0 |
| 2025-07-31T08:28:38.941221+00:00 | Apache HTTPD Importer | Affected by | VCID-25s8-2u66-q7hw | https://httpd.apache.org/security/json/CVE-2000-1206.json | 37.0.0 |
| 2025-07-31T08:28:38.904707+00:00 | Apache HTTPD Importer | Affected by | VCID-fw17-kr1h-ufb8 | https://httpd.apache.org/security/json/CVE-2000-1205.json | 37.0.0 |
| 2025-07-31T08:28:38.832423+00:00 | Apache HTTPD Importer | Affected by | VCID-3c9u-faw7-bufn | https://httpd.apache.org/security/json/CVE-2000-1204.json | 37.0.0 |