CVSS: 9.8EPSS: 11%CPEs: 2EXPL: 0CVE-2003-0083
https://notcve.org/view.php?id=CVE-2003-0083
28 Mar 2003 — Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. Apache 1.3 anteriores a 1.3.25 y Apache 2.0 anteriores a 2.0.43 y posiblemente posteriores no filtran secuencias de escape de terminal de sus logs de acceso, lo que podría hacer más fácil para ... • http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25 •
CVSS: 9.8EPSS: 19%CPEs: 2EXPL: 0CVE-2003-0020
https://notcve.org/view.php?id=CVE-2003-0020
18 Mar 2003 — Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. Apache no filtra secuencias de escape de terminales en sus archivos de registro de errores, lo que podría hacer más fácil para atacantes insertar estas secuencias en emuladores de terminal que tengan vulnerabilidades relacionadas con secuencias de escape. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html •
CVSS: 6.8EPSS: 92%CPEs: 47EXPL: 1CVE-2002-0840 – Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0840
11 Oct 2002 — Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro... • https://www.exploit-db.com/exploits/21885 •
CVSS: 7.5EPSS: 37%CPEs: 10EXPL: 0CVE-2002-1593
https://notcve.org/view.php?id=CVE-2002-1593
25 Sep 2002 — mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module. • http://securitytracker.com/id?1005285 •
CVSS: 5.3EPSS: 74%CPEs: 12EXPL: 1CVE-2002-0654 – Apache 2.0 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2002-0654
20 Aug 2002 — Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. Apache 2.0 a 2.0.39 en Windows, OS2 y Netware, permite a atacantes remotos determinar la ruta completa del servidor mediante una petición de un fichero .var, donde el mensaje de error muestra muestra la ruta... • https://www.exploit-db.com/exploits/21719 •
CVSS: 7.5EPSS: 92%CPEs: 12EXPL: 1CVE-2002-0661 – Apache 2.0 - Encoded Backslash Directory Traversal
https://notcve.org/view.php?id=CVE-2002-0661
10 Aug 2002 — Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters. • https://www.exploit-db.com/exploits/21697 •
CVSS: 9.8EPSS: 53%CPEs: 3EXPL: 3CVE-2002-0392 – Apache 1.x/2.0.x - Chunked-Encoding Memory Corruption
https://notcve.org/view.php?id=CVE-2002-0392
03 Jul 2002 — Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. • https://www.exploit-db.com/exploits/21560 •
CVSS: 5.3EPSS: 5%CPEs: 4EXPL: 0CVE-2002-1592
https://notcve.org/view.php?id=CVE-2002-1592
06 May 2002 — The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information. • http://www.apache.org/dist/httpd/CHANGES_2.0 •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2002-0240
https://notcve.org/view.php?id=CVE-2002-0240
03 May 2002 — PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. PHP, cuando se instala con Apache y se configura para buscar index.php como la página web por defecto, permite a los atacantes remotos que obtengan el path completo del servidor por medio del método HTTP OPTIONS, lo cual revelará el nombre del path en el mensaje d... • http://marc.info/?l=bugtraq&m=101311746611160&w=2 •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 0CVE-2002-0249
https://notcve.org/view.php?id=CVE-2002-0249
03 May 2002 — PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. PHP para windows, cuando se ha instalado en Apache 2.0.28 beta como una CGI aislada, permite a atacantes remotos obtener el camino físico del php.exe mediante argumentos intencionados tales como /123, lo cual permite que se muestre el path absoluto en el emensaje... • http://marc.info/?l=bugtraq&m=101311698909691&w=2 •