CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2003-0083
https://notcve.org/view.php?id=CVE-2003-0083
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. Apache 1.3 anteriores a 1.3.25 y Apache 2.0 anteriores a 2.0.43 y posiblemente posteriores no filtran secuencias de escape de terminal de sus logs de acceso, lo que podría hacer más fácil para atacantes insertar esas secuencias secuencias en emuladores de terminal conteniendo vulnerabilidades relacionadas con secuencias de escape, una vulnerabilidad diferente de CAN-2003-0020. • http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH http://marc.info/?l=bugtraq&m=108024081011678&w=2 http://marc.info/?l=bugtraq&m=108034113406858&w=2 http://secunia.com/advisories/8146 http://www.redhat.com/support/errata/RHSA-2003-139.html https://lists.apache.org/thread.html/54a42d4b01968df111 •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2003-0020
https://notcve.org/view.php?id=CVE-2003-0020
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. Apache no filtra secuencias de escape de terminales en sus archivos de registro de errores, lo que podría hacer más fácil para atacantes insertar estas secuencias en emuladores de terminal que tengan vulnerabilidades relacionadas con secuencias de escape. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046 http://marc.info/?l=bugtraq&m=104612710031920&w=2 http://marc.info/?l=bugtraq&m=108369640424244&w=2 http://marc.info/?l=bugtraq&m=108437852004207&w=2 http://marc.info/? •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2003-0017
https://notcve.org/view.php?id=CVE-2003-0017
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served. Apache 2.0 anterior a 2.0.44 en plataformas Windows permite a atacantes remotos obtener determinados ficheros mediante una petición HTTP que termina en ciertos caracteres ilegales como ">", lo cual provoca que se procese y sirva un nombre de archivo diferente. • http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E https://lists •
CVSS: 7.5EPSS: 8%CPEs: 8EXPL: 0CVE-2003-0016
https://notcve.org/view.php?id=CVE-2003-0016
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names. Apache anteriores a 2.0.44, cuando corren sobre sistemas operativos Windows 9x y Me, permite a atacantes remotos causar una denegación de servicio o ejecutar código arbitrario mediane peticiones HTTP conteniendo nombres de dispositivo de MS-DOS. • http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2 http://www.apacheweek.com/issues/03-01-24#security http://www.kb.cert.org/vuls/id/825177 http://www.kb.cert.org/vuls/id/979793 http://www.securityfocus.com/bid/6659 https://exchange.xforce.ibmcloud.com/vulnerabilities/11124 https://exchange.xforce.ibmcloud.com/vulnerabilities/11125 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/t •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2002-1850 – Apache 2.0.39/40 - Oversized STDERR Buffer Denial of Service
https://notcve.org/view.php?id=CVE-2002-1850
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script. • https://www.exploit-db.com/exploits/21854 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/generators/mod_cgi.c?r1=1.148.2.7&r2=1.148.2.8 http://issues.apache.org/bugzilla/show_bug.cgi?id=10515 http://issues.apache.org/bugzilla/show_bug.cgi?id=22030 http://marc.info/?l=apache-httpd-dev&m=103291952019514&w=2 http://seclists.org/bugtraq/2002/Sep/0253.html http://securitytracker.com/id? • CWE-667: Improper Locking •