CVSS: 9.8EPSS: 2%CPEs: 30EXPL: 0CVE-2002-0843
https://notcve.org/view.php?id=CVE-2002-0843
05 Oct 2002 — Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. Desbordamientos de búfer en el programa de soporte ApacheBench (ab.c) en Apache anteriores a 1.3.27, y Apache 2.x anteriores a 2.0.43, permite a un servidor web malicioso causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una respuesta lar... • ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I •
CVSS: 7.5EPSS: 39%CPEs: 10EXPL: 0CVE-2002-1593
https://notcve.org/view.php?id=CVE-2002-1593
25 Sep 2002 — mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module. • http://securitytracker.com/id?1005285 •
CVSS: 5.3EPSS: 60%CPEs: 12EXPL: 1CVE-2002-0654 – Apache 2.0 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2002-0654
20 Aug 2002 — Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. Apache 2.0 a 2.0.39 en Windows, OS2 y Netware, permite a atacantes remotos determinar la ruta completa del servidor mediante una petición de un fichero .var, donde el mensaje de error muestra muestra la ruta... • https://www.exploit-db.com/exploits/21719 •
CVSS: 7.5EPSS: 86%CPEs: 12EXPL: 1CVE-2002-0661 – Apache 2.0 - Encoded Backslash Directory Traversal
https://notcve.org/view.php?id=CVE-2002-0661
10 Aug 2002 — Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters. • https://www.exploit-db.com/exploits/21697 •
CVSS: 9.8EPSS: 60%CPEs: 3EXPL: 4CVE-2002-0392 – Apache Win32 Chunked Encoding
https://notcve.org/view.php?id=CVE-2002-0392
19 Jun 2002 — Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. • https://packetstorm.news/files/id/82996 •
CVSS: 5.3EPSS: 4%CPEs: 4EXPL: 0CVE-2002-1592
https://notcve.org/view.php?id=CVE-2002-1592
06 May 2002 — The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information. • http://www.apache.org/dist/httpd/CHANGES_2.0 •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2002-0240
https://notcve.org/view.php?id=CVE-2002-0240
03 May 2002 — PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. PHP, cuando se instala con Apache y se configura para buscar index.php como la página web por defecto, permite a los atacantes remotos que obtengan el path completo del servidor por medio del método HTTP OPTIONS, lo cual revelará el nombre del path en el mensaje d... • http://marc.info/?l=bugtraq&m=101311746611160&w=2 •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 0CVE-2002-0249
https://notcve.org/view.php?id=CVE-2002-0249
03 May 2002 — PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. PHP para windows, cuando se ha instalado en Apache 2.0.28 beta como una CGI aislada, permite a atacantes remotos obtener el camino físico del php.exe mediante argumentos intencionados tales como /123, lo cual permite que se muestre el path absoluto en el emensaje... • http://marc.info/?l=bugtraq&m=101311698909691&w=2 •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2002-0257
https://notcve.org/view.php?id=CVE-2002-0257
03 May 2002 — Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. Vulnerabilidad de comandos en sitios cruzados en auction.pl de MakeBid Auction Deluxe 3.30 permite que atacantes remotos obtengan información de otros usuarios por medio de los c... • http://marc.info/?l=bugtraq&m=101328880521775&w=2 •
CVSS: 9.8EPSS: 83%CPEs: 2EXPL: 1CVE-2002-0061 – Apache Win32 1.3.x/2.0.x - Batch File Remote Command Execution
https://notcve.org/view.php?id=CVE-2002-0061
21 Mar 2002 — Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. El servidor Apache, en sus verisones para Win32 1.3.24 y anteriores, y 2.0.x hasta la 2.0.34-beta, permite que atacantes remotos ejecuten cualquier comando a través del metacaracter "|" de la shell. Estos comandos vienen com... • https://www.exploit-db.com/exploits/21350 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •