CVSS: 5.0EPSS: 0%CPEs: 50EXPL: 0CVE-2004-0263
https://notcve.org/view.php?id=CVE-2004-0263
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. PHP 4.3.4 y anteriores en Apache 1.x y 2.x (mod_php) pude filtrar variables globales entre servidores virtuales con diferente configuración que son manejadas por el mismo proceso hijo de Apache, lo que podría permitir a atacantes remotos obtener información sensible. • http://security.gentoo.org/glsa/glsa-200402-01.xml http://www.osvdb.org/3878 http://www.securityfocus.com/bid/9599 https://exchange.xforce.ibmcloud.com/vulnerabilities/15072 •
CVSS: 6.4EPSS: 96%CPEs: 16EXPL: 3CVE-2004-0493 – Apache - Arbitrary Long HTTP Headers Denial of Service
https://notcve.org/view.php?id=CVE-2004-0493
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. La función ap_get_mime_headers_core de Apache httpd 2.0.49 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) y posiblemente un error de entero sin signo que conduce a un desbordamiento de búfer basado en el montón en en sistemas de 64 bits, mediante líneas de cabecera largas con muchos caractéres espacio o tabulador. • https://www.exploit-db.com/exploits/371 https://www.exploit-db.com/exploits/360 http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html http://marc.info/?l=bugtraq&m=108853066800184&w=2 http://marc.info/?l=bugtraq&m=109181600614477&w=2 http://security.gentoo.org/glsa/glsa-200407-03.xml http://www.apacheweek.com/features/security-20 http://www.guninski.com/httpd1.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:064 http://www.r •
CVSS: 7.5EPSS: 57%CPEs: 4EXPL: 0CVE-2004-0488 – mod_ssl ssl_util_uuencode_binary CA issue
https://notcve.org/view.php?id=CVE-2004-0488
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. Desbordamiento de búfer basado en la pila en la función ssl_util_uuencode_binary en ssl_util.c de mod_ssl de Apache cuando se configura mod_ssl para que confie en la Autoridad Certificadora emisora, puede permitir a atacantes remotos ejecutar código arbitrario mediante un certificado de cliente con un DN de asunto grande. • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021610.html http://marc.info/?l=bugtraq&m=108567431823750&w=2 http://marc.info/?l=bugtraq&m=108619129727620&w=2 http://marc.info/?l=bugtraq&m=109181600614477&w=2 http://marc.info/?l=bugtraq&m=109215056218824&w=2 http://rhn.redhat.com/errata/RHSA-2004-245.html http://security.gentoo.org/glsa/glsa-200406-05.xml http://www.de • CWE-787: Out-of-bounds Write •
CVSS: 2.1EPSS: 0%CPEs: 20EXPL: 3CVE-2004-1834
https://notcve.org/view.php?id=CVE-2004-1834
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. • http://marc.info/?l=bugtraq&m=107981737322495&w=2 http://secunia.com/advisories/11176 http://secunia.com/advisories/19072 http://securitytracker.com/id?1009509 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.osvdb.org/4446 http://www.redhat.com/support/errata/RHSA-2004-562.html http://www.securityfocus.com/bid/9933 http://www.vupen.com/english/advisories/2006/0789 https:/&# •
CVSS: 5.0EPSS: 1%CPEs: 14EXPL: 0CVE-2004-0113
https://notcve.org/view.php?id=CVE-2004-0113
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. Fuga de meoria en ssl_engine_io.c en mod_ssl de Apache 2 anteriores a 2.0.49 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) mediante peticiones HTTP regulares al puerto SSL de un servidor con SSL activado. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839 http://issues.apache.org/bugzilla/show_bug.cgi?id=27106 http://marc.info/?l=apache-cvs&m=107869699329638 http://marc.info/?l=bugtraq&m=108034113406858&w=2 http://marc.info/? •