CVSS: 10.0EPSS: 4%CPEs: 17EXPL: 0CVE-2004-0492 – httpd mod_proxy buffer overflow
https://notcve.org/view.php?id=CVE-2004-0492
23 Jun 2004 — Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. Desbordamiento de búfer basado en el montón en proxy_util.c de mod_proxy en Apache 1.3.25 a 1.3.31 permite a atacantes remotos causar un denegación de servicio (caída del proceso) y posiblemente ejecutar código de su elecció... • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc •
CVSS: 9.8EPSS: 50%CPEs: 4EXPL: 0CVE-2004-0488 – mod_ssl ssl_util_uuencode_binary CA issue
https://notcve.org/view.php?id=CVE-2004-0488
28 May 2004 — Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. Desbordamiento de búfer basado en la pila en la función ssl_util_uuencode_binary en ssl_util.c de mod_ssl de Apache cuando se configura mod_ssl para que confie en la Autoridad Certificadora emisora, puede permitir a atacantes remotos ejecutar código arbit... • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 2CVE-2004-0173 – Apache Cygwin 1.3.x/2.0.x - Directory Traversal
https://notcve.org/view.php?id=CVE-2004-0173
15 Apr 2004 — Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. Vulnerabilidad de atravesamiento de directorios en Apache 1.3.29 y anteriores, y Apache 2.0.48 y anteriores, cuando se ejecuta sobre Cygwin, permite a atacantes remotos leer ficheros arbitrarios mediante una URL conteniendo secuencias "..%5C" (punto punto barra atrás codificad... • https://www.exploit-db.com/exploits/23751 •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2003-0993
https://notcve.org/view.php?id=CVE-2003-0993
29 Mar 2004 — mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. Apache 1.3 anteriores a 1.3.30, cuando se ejecuta en plataformas big-endian de 64 bits, no analiza adecuadamente reglas de aceptación/denegación usando direcciones IP sin máscara de red, lo que podría permitir a atacantes remotos saltarse las restricciones de acceso pretendid... • http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046 •
CVSS: 7.5EPSS: 6%CPEs: 14EXPL: 0CVE-2004-0113
https://notcve.org/view.php?id=CVE-2004-0113
29 Mar 2004 — Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. Fuga de meoria en ssl_engine_io.c en mod_ssl de Apache 2 anteriores a 2.0.49 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) mediante peticiones HTTP regulares al puerto SSL de un servidor con SSL activado. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839 •
CVSS: 7.5EPSS: 40%CPEs: 1EXPL: 0CVE-2004-0174
https://notcve.org/view.php?id=CVE-2004-0174
25 Mar 2004 — Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket." Apache anteriores 2.0.49, cuando usa múltiples sockets en escucha en ciertas plataformas, permite a atacantes remotos causar una denegación de servicio (bloqueo de nuevas conexiones) mediante una "conexión de vida corta en un socket en escucha rarame... • http://marc.info/?l=bugtraq&m=107973894328806&w=2 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 3CVE-2004-1834
https://notcve.org/view.php?id=CVE-2004-1834
20 Mar 2004 — mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. • http://marc.info/?l=bugtraq&m=107981737322495&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0987 – httpd mod_digest nonce not verified
https://notcve.org/view.php?id=CVE-2003-0987
03 Feb 2004 — mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. mod_digest de Apache no verifica adecuadamente el nonce de una respuesta de cliente usando un secreto AuthNonce. • http://marc.info/?l=bugtraq&m=108437852004207&w=2 •
CVSS: 9.1EPSS: 0%CPEs: 47EXPL: 0CVE-2004-1082
https://notcve.org/view.php?id=CVE-2004-1082
03 Feb 2004 — mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. • http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1418
https://notcve.org/view.php?id=CVE-2003-1418
31 Dec 2003 — Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). • http://www.openbsd.org/errata32.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •