CVSS: 9.8EPSS: 53%CPEs: 3EXPL: 3CVE-2002-0392 – Apache 1.x/2.0.x - Chunked-Encoding Memory Corruption
https://notcve.org/view.php?id=CVE-2002-0392
03 Jul 2002 — Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. • https://www.exploit-db.com/exploits/21560 •
CVSS: 9.8EPSS: 90%CPEs: 2EXPL: 1CVE-2002-0061 – Apache Win32 1.3.x/2.0.x - Batch File Remote Command Execution
https://notcve.org/view.php?id=CVE-2002-0061
21 Mar 2002 — Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. El servidor Apache, en sus verisones para Win32 1.3.24 y anteriores, y 2.0.x hasta la 2.0.34-beta, permite que atacantes remotos ejecuten cualquier comando a través del metacaracter "|" de la shell. Estos comandos vienen com... • https://www.exploit-db.com/exploits/21350 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0CVE-2001-1556
https://notcve.org/view.php?id=CVE-2001-1556
31 Dec 2001 — The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. • http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2001-1534
https://notcve.org/view.php?id=CVE-2001-1534
31 Dec 2001 — mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. • http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html • CWE-384: Session Fixation •
CVSS: 9.1EPSS: 7%CPEs: 16EXPL: 0CVE-2001-1449
https://notcve.org/view.php?id=CVE-2001-1449
28 Nov 2001 — The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. • http://www.kb.cert.org/vuls/id/913704 •
CVSS: 7.5EPSS: 9%CPEs: 7EXPL: 0CVE-2001-1342
https://notcve.org/view.php?id=CVE-2001-1342
12 May 2001 — Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer. • http://bugs.apache.org/index.cgi/full/7522 •
CVSS: 5.3EPSS: 85%CPEs: 5EXPL: 6CVE-2001-0925 – Apache 1.3 - Artificially Long Slash Path Directory Listing
https://notcve.org/view.php?id=CVE-2001-0925
12 Mar 2001 — The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. • https://www.exploit-db.com/exploits/20692 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 10%CPEs: 10EXPL: 0CVE-2000-0913
https://notcve.org/view.php?id=CVE-2000-0913
19 Dec 2000 — mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. • http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html •
CVSS: 7.5EPSS: 10%CPEs: 3EXPL: 0CVE-2000-0868
https://notcve.org/view.php?id=CVE-2000-0868
14 Nov 2000 — The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. • http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html •
CVSS: 9.1EPSS: 7%CPEs: 12EXPL: 2CVE-2000-0869 – Apache 1.3.12 - WebDAV Directory Listings
https://notcve.org/view.php?id=CVE-2000-0869
14 Nov 2000 — The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. • https://www.exploit-db.com/exploits/20210 •