CVSS: 8.1EPSS: 1%CPEs: 23EXPL: 6CVE-2003-1307 – Apache 2.0.4x mod_php - File Descriptor Leakage
https://notcve.org/view.php?id=CVE-2003-1307
31 Dec 2003 — The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP. • https://www.exploit-db.com/exploits/23481 •
CVSS: 10.0EPSS: 9%CPEs: 1EXPL: 0CVE-2003-0789
https://notcve.org/view.php?id=CVE-2003-0789
30 Oct 2003 — mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. mod_cgid en Apache anteriores a 2.0.48, cuando usan una MPM multihilo, no maneja adecuadamente redirecciones de ruta de CGI, lo que podría causar que Apache enviar la salida de un programa CGI a un cliente equivocado. • http://apache.secsup.org/dist/httpd/Announcement2.html •
CVSS: 9.8EPSS: 0%CPEs: 36EXPL: 0CVE-2003-0542
https://notcve.org/view.php?id=CVE-2003-0542
30 Oct 2003 — Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. Múltiples desbordamientos de búfer en mod_alias y mod_rewrite de Apache anteriores a 1.3.29, con consecuencias y métodos de ataque desconocidos, relacionados con una expresión regular con más de 9 capturas. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 19%CPEs: 2EXPL: 0CVE-2003-0020
https://notcve.org/view.php?id=CVE-2003-0020
18 Mar 2003 — Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. Apache no filtra secuencias de escape de terminales en sus archivos de registro de errores, lo que podría hacer más fácil para atacantes insertar estas secuencias en emuladores de terminal que tengan vulnerabilidades relacionadas con secuencias de escape. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0CVE-2001-1556
https://notcve.org/view.php?id=CVE-2001-1556
31 Dec 2001 — The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. • http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-1999-1125
https://notcve.org/view.php?id=CVE-1999-1125
19 Sep 1997 — Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. • http://marc.info/?l=bugtraq&m=87602880019796&w=2 •