CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 3CVE-2004-0940 – Apache 1.3.31 mod_include - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0940
26 Oct 2004 — Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. • https://www.exploit-db.com/exploits/587 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2004-0885 – mod_ssl SSLCipherSuite bypass
https://notcve.org/view.php?id=CVE-2004-0885
16 Oct 2004 — The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. El módulo mod_ssl en Apache 2.0.35 a 2.0.52, cuando se usa la "SSLCipherSuite" en contexto de directorio o lugar, permite a clientes remotos evitar las restricciones pretendidas usando cualquier conjunto de cifrado que sea permitido por la configuración... • http://issues.apache.org/bugzilla/show_bug.cgi?id=31505 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0811
https://notcve.org/view.php?id=CVE-2004-0811
24 Sep 2004 — Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. • http://fedoranews.org/updates/FEDORA-2004-313.shtml •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0747
https://notcve.org/view.php?id=CVE-2004-0747
17 Sep 2004 — Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables. Desbordamiento de búfer en Apache 2.0.50 y anteriores permite a usuarios locales ganar privilegios mediante un fichero .htaccess que causa un desbordamiento durante la expansión de variables de entorno. • http://secunia.com/advisories/12540 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2004-0786
https://notcve.org/view.php?id=CVE-2004-0786
17 Sep 2004 — The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool. Las reglas de procesado de IPv6 en la biblioteca apr-util de Apache 2.0.50 y anteriores permite a atacantes remotos causar una denegación de servicio (caída de proceso hijo) mediante una cierta URI, como se ha demostrado utilizando la herramienta de pruebas HTTP Codenomicon. • http://secunia.com/advisories/12540 •
CVSS: 7.5EPSS: 1%CPEs: 30EXPL: 1CVE-2004-0809
https://notcve.org/view.php?id=CVE-2004-0809
16 Sep 2004 — The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. • http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2004-0748
https://notcve.org/view.php?id=CVE-2004-0748
10 Sep 2004 — mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop. mod_ssl en Apache 2.0.50 y anteriores permite a atacantes remotos causar un denegación de servicio (consuminción de CPU) abortando un conexión SSL de cierta manera que causa que un proceso hijo de apache entre en un bucle infinito. • http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 18%CPEs: 1EXPL: 1CVE-2004-0751 – Apache mod_ssl 2.0.x - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2004-0751
10 Sep 2004 — The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). La función char_buffer_read en el módulo mod_ssl de Apache 2.x, cuando se usa un proxy inverso con un servidor SSL, permite a atacantes remotos causar una denegación de permiso (fallo de segmentación). • https://www.exploit-db.com/exploits/24590 •
CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 0CVE-2004-0263
https://notcve.org/view.php?id=CVE-2004-0263
01 Sep 2004 — PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. PHP 4.3.4 y anteriores en Apache 1.x y 2.x (mod_php) pude filtrar variables globales entre servidores virtuales con diferente configuración que son manejadas por el mismo proceso hijo de Apache, lo que podría permitir a atacantes remotos obtener información sensi... • http://security.gentoo.org/glsa/glsa-200402-01.xml •
CVSS: 7.5EPSS: 90%CPEs: 16EXPL: 3CVE-2004-0493 – Apache - Arbitrary Long HTTP Headers Denial of Service
https://notcve.org/view.php?id=CVE-2004-0493
30 Jun 2004 — The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. La función ap_get_mime_headers_core de Apache httpd 2.0.49 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) y posiblemente un error de entero sin signo que conduce a un d... • https://www.exploit-db.com/exploits/371 •