CVE-2002-2272 – Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service
https://notcve.org/view.php?id=CVE-2002-2272
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. • https://www.exploit-db.com/exploits/22068 http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html http://www.securityfocus.com/bid/6320 https://exchange.xforce.ibmcloud.com/vulnerabilities/10771 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2002-2012
https://notcve.org/view.php?id=CVE-2002-2012
Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request. • http://www.iss.net/security_center/static/7810.php http://www.securityfocus.com/advisories/3761 http://www.securityfocus.com/bid/3796 •
CVE-2002-2029 – Apache 1.3.20 (Win32) - 'PHP.exe' Remote File Disclosure
https://notcve.org/view.php?id=CVE-2002-2029
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string. • https://www.exploit-db.com/exploits/21204 http://www.iss.net/security_center/static/7815.php http://www.securiteam.com/windowsntfocus/5ZP030U60U.html http://www.securityfocus.com/bid/3786 •
CVE-2002-1822
https://notcve.org/view.php?id=CVE-2002-1822
IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made for a non-existent Java Server Page (JSP). • http://marc.info/?l=bugtraq&m=103726020802411&w=2 http://www.iss.net/security_center/static/10628.php http://www.securityfocus.com/bid/6181 •
CVE-2002-2103
https://notcve.org/view.php?id=CVE-2002-2103
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities. • http://www.apache.org/dist/httpd/CHANGES_1.3 http://www.iss.net/security_center/static/8629.php http://www.securityfocus.com/bid/4358 •