CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2002-1850 – Apache 2.0.39/40 - Oversized STDERR Buffer Denial of Service
https://notcve.org/view.php?id=CVE-2002-1850
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script. • https://www.exploit-db.com/exploits/21854 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/generators/mod_cgi.c?r1=1.148.2.7&r2=1.148.2.8 http://issues.apache.org/bugzilla/show_bug.cgi?id=10515 http://issues.apache.org/bugzilla/show_bug.cgi?id=22030 http://marc.info/?l=apache-httpd-dev&m=103291952019514&w=2 http://seclists.org/bugtraq/2002/Sep/0253.html http://securitytracker.com/id? • CWE-667: Improper Locking •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1156
https://notcve.org/view.php?id=CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled. Apache 2.0.42 permite a atacanes remotos ver el código fuente de un guión (script) CGI mediante una petición POST a un directorio con WebDAV y CGI activados. • http://online.securityfocus.com/advisories/4617 http://www.apache.org/dist/httpd/CHANGES_2.0 http://www.apacheweek.com/issues/02-10-04 http://www.kb.cert.org/vuls/id/910713 http://www.securityfocus.com/bid/6065 https://exchange.xforce.ibmcloud.com/vulnerabilities/10499 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https& •
CVSS: 6.8EPSS: 97%CPEs: 47EXPL: 1CVE-2002-0840 – Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro UseCanonicalName está desactivado, y está presente el soporte para comodines DNS, permite a atacantes ejecutar comandos como otro visitante de la página mediante la cabecera Host: • https://www.exploit-db.com/exploits/21885 ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103357160425708&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http •
CVSS: 5.0EPSS: 2%CPEs: 10EXPL: 0CVE-2002-1593
https://notcve.org/view.php?id=CVE-2002-1593
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module. • http://securitytracker.com/id?1005285 http://www.apache.org/dist/httpd/CHANGES_2.0 http://www.kb.cert.org/vuls/id/406121 http://www.securityfocus.com/bid/5816 https://exchange.xforce.ibmcloud.com/vulnerabilities/10208 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0a •
CVSS: 5.0EPSS: 13%CPEs: 12EXPL: 1CVE-2002-0654 – Apache 2.0 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2002-0654
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. Apache 2.0 a 2.0.39 en Windows, OS2 y Netware, permite a atacantes remotos determinar la ruta completa del servidor mediante una petición de un fichero .var, donde el mensaje de error muestra muestra la ruta al archivo, o mediante un mensaje de error que ocurre cuando un script (proceso hijo) no puede ser invocado. • https://www.exploit-db.com/exploits/21719 http://marc.info/?l=bugtraq&m=102951160411052&w=2 http://www.apache.org/dist/httpd/CHANGES_2.0 http://www.iss.net/security_center/static/9875.php http://www.iss.net/security_center/static/9876.php http://www.securityfocus.com/bid/5485 http://www.securityfocus.com/bid/5486 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054 •