CVSS: 8.1EPSS: 1%CPEs: 23EXPL: 6CVE-2003-1307 – Apache 2.0.4x mod_php - File Descriptor Leakage
https://notcve.org/view.php?id=CVE-2003-1307
31 Dec 2003 — The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP. • https://www.exploit-db.com/exploits/23481 •
CVSS: 10.0EPSS: 9%CPEs: 1EXPL: 0CVE-2003-0789
https://notcve.org/view.php?id=CVE-2003-0789
30 Oct 2003 — mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. mod_cgid en Apache anteriores a 2.0.48, cuando usan una MPM multihilo, no maneja adecuadamente redirecciones de ruta de CGI, lo que podría causar que Apache enviar la salida de un programa CGI a un cliente equivocado. • http://apache.secsup.org/dist/httpd/Announcement2.html •
CVSS: 9.8EPSS: 0%CPEs: 36EXPL: 0CVE-2003-0542
https://notcve.org/view.php?id=CVE-2003-0542
30 Oct 2003 — Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. Múltiples desbordamientos de búfer en mod_alias y mod_rewrite de Apache anteriores a 1.3.29, con consecuencias y métodos de ataque desconocidos, relacionados con una expresión regular con más de 9 capturas. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 15%CPEs: 15EXPL: 0CVE-2003-0192
https://notcve.org/view.php?id=CVE-2003-0192
10 Jul 2003 — Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. Apache 2 anteriores a 2.0.47, y ciertas versiones de mod_ssl para Apache 1.3, no manejan adecuadamente "ciertas secuencias de re-negociaciones por directorio junto con la directiva SSLCipherSuite siendo usada para m... • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt •
CVSS: 7.5EPSS: 12%CPEs: 15EXPL: 0CVE-2003-0253
https://notcve.org/view.php?id=CVE-2003-0253
10 Jul 2003 — The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service. El MPM pre-desdoblamiento (prefork) en Apache 2 anteriores a 2.0.47 no maneja apropiadamente ciertos errores de accept(), lo que podría llevar a una denegación de servicio. • http://marc.info/?l=bugtraq&m=105776593602600&w=2 •
CVSS: 7.5EPSS: 9%CPEs: 15EXPL: 0CVE-2003-0254
https://notcve.org/view.php?id=CVE-2003-0254
10 Jul 2003 — Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket. Apache 2 anteriores a la 2.0.47, cuando es ejecutado en un sistema IPv6, permite a atacantes causar la Denegación de Servicios (DoS) cuando el servidor proxy FTP falla al crear una conexión IPv6. • http://marc.info/?l=bugtraq&m=105776593602600&w=2 •
CVSS: 9.8EPSS: 19%CPEs: 2EXPL: 0CVE-2003-0020
https://notcve.org/view.php?id=CVE-2003-0020
18 Mar 2003 — Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. Apache no filtra secuencias de escape de terminales en sus archivos de registro de errores, lo que podría hacer más fácil para atacantes insertar estas secuencias en emuladores de terminal que tengan vulnerabilidades relacionadas con secuencias de escape. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0CVE-2001-1556
https://notcve.org/view.php?id=CVE-2001-1556
31 Dec 2001 — The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. • http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-1999-1125
https://notcve.org/view.php?id=CVE-1999-1125
19 Sep 1997 — Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. • http://marc.info/?l=bugtraq&m=87602880019796&w=2 •