CVE-2004-1834
https://notcve.org/view.php?id=CVE-2004-1834
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. • http://marc.info/?l=bugtraq&m=107981737322495&w=2 http://secunia.com/advisories/11176 http://secunia.com/advisories/19072 http://securitytracker.com/id?1009509 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.osvdb.org/4446 http://www.redhat.com/support/errata/RHSA-2004-562.html http://www.securityfocus.com/bid/9933 http://www.vupen.com/english/advisories/2006/0789 https:/ •
CVE-2004-0174
https://notcve.org/view.php?id=CVE-2004-0174
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket." Apache anteriores 2.0.49, cuando usa múltiples sockets en escucha en ciertas plataformas, permite a atacantes remotos causar una denegación de servicio (bloqueo de nuevas conexiones) mediante una "conexión de vida corta en un socket en escucha raramente accedido. • http://marc.info/?l=bugtraq&m=107973894328806&w=2 http://marc.info/?l=bugtraq&m=108066914830552&w=2 http://marc.info/?l=bugtraq&m=108369640424244&w=2 http://marc.info/?l=bugtraq&m=108437852004207&w=2 http://marc.info/? • CWE-667: Improper Locking •
CVE-2004-0113
https://notcve.org/view.php?id=CVE-2004-0113
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. Fuga de meoria en ssl_engine_io.c en mod_ssl de Apache 2 anteriores a 2.0.49 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) mediante peticiones HTTP regulares al puerto SSL de un servidor con SSL activado. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839 http://issues.apache.org/bugzilla/show_bug.cgi?id=27106 http://marc.info/?l=apache-cvs&m=107869699329638 http://marc.info/?l=bugtraq&m=108034113406858&w=2 http://marc.info/? •
CVE-2003-1307 – Apache 2.0.4x mod_php - File Descriptor Leakage
https://notcve.org/view.php?id=CVE-2003-1307
The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP. • https://www.exploit-db.com/exploits/23481 https://www.exploit-db.com/exploits/23482 http://bugs.php.net/38915 http://hackerdom.ru/~dimmo/phpexpl.c http://www.securityfocus.com/archive/1/348368 http://www.securityfocus.com/archive/1/449234/100/0/threaded http://www.securityfocus.com/archive/1/449298/100/0/threaded http://www.securityfocus.com/bid/9302 •
CVE-2003-0789
https://notcve.org/view.php?id=CVE-2003-0789
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. mod_cgid en Apache anteriores a 2.0.48, cuando usan una MPM multihilo, no maneja adecuadamente redirecciones de ruta de CGI, lo que podría causar que Apache enviar la salida de un programa CGI a un cliente equivocado. • http://apache.secsup.org/dist/httpd/Announcement2.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000775 http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html http://lists.apple.com/mhonarc/security-announce/msg00045.html http://marc.info/?l=bugtraq&m=106761802305141&w=2 http://security.gentoo.org/glsa/glsa-200310-04.xml http://www.ciac.org/ciac/bulletins/o-015.shtml http://www.mandrakese •