CVSS: 4.3EPSS: 96%CPEs: 3EXPL: 2CVE-2005-2088
https://notcve.org/view.php?id=CVE-2005-2088
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." • http://docs.info.apple.com/article.html?artnum=302847 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3 http://seclists.org/lists/bugtraq/2005/Jun/0025.html http://secunia.com/advisories/14530 http://secunia.com/advisories/17319 http://secunia.com/advisories/17487 http://secunia.com/advisories/17813 http://secunia.com/advisories/19072 http://secunia.com/advisories/19073 http://secunia. • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2343
https://notcve.org/view.php?id=CVE-2004-2343
Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument • http://archives.neohapsis.com/archives/bugtraq/2004-02/0043.html http://archives.neohapsis.com/archives/bugtraq/2004-02/0064.html http://archives.neohapsis.com/archives/bugtraq/2004-02/0120.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15015 •
CVSS: 5.0EPSS: 96%CPEs: 1EXPL: 1CVE-2004-0942 – Apache 2.0.52 - GET Denial of Service
https://notcve.org/view.php?id=CVE-2004-0942
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters. • https://www.exploit-db.com/exploits/855 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028248.html http://marc.info/?l=bugtraq&m=110384374213596&w=2 http://secunia.com/advisories/19072 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm ht •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2004-0885 – mod_ssl SSLCipherSuite bypass
https://notcve.org/view.php?id=CVE-2004-0885
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. El módulo mod_ssl en Apache 2.0.35 a 2.0.52, cuando se usa la "SSLCipherSuite" en contexto de directorio o lugar, permite a clientes remotos evitar las restricciones pretendidas usando cualquier conjunto de cifrado que sea permitido por la configuración de servidor (host) virtual. • http://issues.apache.org/bugzilla/show_bug.cgi?id=31505 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=109786159119069&w=2 http://secunia.com/advisories/19072 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.apacheweek.com/features/security-20 http://www&# •
CVSS: 5.0EPSS: 0%CPEs: 30EXPL: 1CVE-2004-0809
https://notcve.org/view.php?id=CVE-2004-0809
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. • http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33 http://www.debian.org/security/2004/dsa-558 http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 http://www.redhat.com/support/errata/RHSA-2004-463.html http://www.trustix.org/errata/2004/0047 https://exchange.xforce.ibmcloud.com/vulnerabilities/17366 https://lists.apache.org/thread.html/54a42d4b01968df11 •