CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 0CVE-2004-0263
https://notcve.org/view.php?id=CVE-2004-0263
01 Sep 2004 — PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. PHP 4.3.4 y anteriores en Apache 1.x y 2.x (mod_php) pude filtrar variables globales entre servidores virtuales con diferente configuración que son manejadas por el mismo proceso hijo de Apache, lo que podría permitir a atacantes remotos obtener información sensi... • http://security.gentoo.org/glsa/glsa-200402-01.xml •
CVSS: 7.5EPSS: 90%CPEs: 16EXPL: 3CVE-2004-0493 – Apache - Arbitrary Long HTTP Headers Denial of Service
https://notcve.org/view.php?id=CVE-2004-0493
30 Jun 2004 — The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. La función ap_get_mime_headers_core de Apache httpd 2.0.49 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) y posiblemente un error de entero sin signo que conduce a un d... • https://www.exploit-db.com/exploits/371 •
CVSS: 9.8EPSS: 50%CPEs: 4EXPL: 0CVE-2004-0488 – mod_ssl ssl_util_uuencode_binary CA issue
https://notcve.org/view.php?id=CVE-2004-0488
28 May 2004 — Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. Desbordamiento de búfer basado en la pila en la función ssl_util_uuencode_binary en ssl_util.c de mod_ssl de Apache cuando se configura mod_ssl para que confie en la Autoridad Certificadora emisora, puede permitir a atacantes remotos ejecutar código arbit... • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 6%CPEs: 14EXPL: 0CVE-2004-0113
https://notcve.org/view.php?id=CVE-2004-0113
29 Mar 2004 — Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. Fuga de meoria en ssl_engine_io.c en mod_ssl de Apache 2 anteriores a 2.0.49 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) mediante peticiones HTTP regulares al puerto SSL de un servidor con SSL activado. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839 •
CVSS: 7.5EPSS: 40%CPEs: 1EXPL: 0CVE-2004-0174
https://notcve.org/view.php?id=CVE-2004-0174
25 Mar 2004 — Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket." Apache anteriores 2.0.49, cuando usa múltiples sockets en escucha en ciertas plataformas, permite a atacantes remotos causar una denegación de servicio (bloqueo de nuevas conexiones) mediante una "conexión de vida corta en un socket en escucha rarame... • http://marc.info/?l=bugtraq&m=107973894328806&w=2 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 3CVE-2004-1834
https://notcve.org/view.php?id=CVE-2004-1834
20 Mar 2004 — mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. • http://marc.info/?l=bugtraq&m=107981737322495&w=2 •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 6CVE-2003-1307 – Apache 2.0.4x mod_php - File Descriptor Leakage
https://notcve.org/view.php?id=CVE-2003-1307
31 Dec 2003 — The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP. • https://www.exploit-db.com/exploits/23481 •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2003-0789
https://notcve.org/view.php?id=CVE-2003-0789
30 Oct 2003 — mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. mod_cgid en Apache anteriores a 2.0.48, cuando usan una MPM multihilo, no maneja adecuadamente redirecciones de ruta de CGI, lo que podría causar que Apache enviar la salida de un programa CGI a un cliente equivocado. • http://apache.secsup.org/dist/httpd/Announcement2.html •
CVSS: 9.8EPSS: 0%CPEs: 36EXPL: 0CVE-2003-0542
https://notcve.org/view.php?id=CVE-2003-0542
30 Oct 2003 — Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. Múltiples desbordamientos de búfer en mod_alias y mod_rewrite de Apache anteriores a 1.3.29, con consecuencias y métodos de ataque desconocidos, relacionados con una expresión regular con más de 9 capturas. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2003-0253
https://notcve.org/view.php?id=CVE-2003-0253
10 Jul 2003 — The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service. El MPM pre-desdoblamiento (prefork) en Apache 2 anteriores a 2.0.47 no maneja apropiadamente ciertos errores de accept(), lo que podría llevar a una denegación de servicio. • http://marc.info/?l=bugtraq&m=105776593602600&w=2 •