CVSS: 7.5EPSS: 8%CPEs: 11EXPL: 0CVE-2005-2970
https://notcve.org/view.php?id=CVE-2005-2970
25 Oct 2005 — Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. • http://mail-archives.apache.org/mod_mbox/httpd-cvs/200509.mbox/%3C20051001110218.40692.qmail%40minotaur.apache.org%3E • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 4%CPEs: 5EXPL: 0CVE-2005-2700
https://notcve.org/view.php?id=CVE-2005-2700
06 Sep 2005 — ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html •
CVSS: 7.5EPSS: 61%CPEs: 24EXPL: 0CVE-2005-2728
https://notcve.org/view.php?id=CVE-2005-2728
29 Aug 2005 — The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U •
CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 0CVE-2005-1268
https://notcve.org/view.php?id=CVE-2005-1268
05 Aug 2005 — Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. Error de fuera-por-uno en la retrollamda de verificación de Lista de Revocación de Certificados (CRL) de mod_ssl para Apache, cuando se configura para usar un CRL, permite a atacantes remotos causar una denegación de servicio (caída de proceso hijo) ... • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html • CWE-193: Off-by-one Error •
CVSS: 7.2EPSS: 81%CPEs: 3EXPL: 2CVE-2005-2088
https://notcve.org/view.php?id=CVE-2005-2088
30 Jun 2005 — The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." • http://docs.info.apple.com/article.html?artnum=302847 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 81%CPEs: 1EXPL: 1CVE-2004-0942 – Apache 2.0.52 - GET Denial of Service
https://notcve.org/view.php?id=CVE-2004-0942
04 Nov 2004 — Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters. • https://www.exploit-db.com/exploits/855 •
CVSS: 9.1EPSS: 6%CPEs: 18EXPL: 0CVE-2004-0885 – mod_ssl SSLCipherSuite bypass
https://notcve.org/view.php?id=CVE-2004-0885
16 Oct 2004 — The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. El módulo mod_ssl en Apache 2.0.35 a 2.0.52, cuando se usa la "SSLCipherSuite" en contexto de directorio o lugar, permite a clientes remotos evitar las restricciones pretendidas usando cualquier conjunto de cifrado que sea permitido por la configuración... • http://issues.apache.org/bugzilla/show_bug.cgi?id=31505 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2004-0811
https://notcve.org/view.php?id=CVE-2004-0811
24 Sep 2004 — Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. • http://fedoranews.org/updates/FEDORA-2004-313.shtml •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-1999-1125
https://notcve.org/view.php?id=CVE-1999-1125
19 Sep 1997 — Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. • http://marc.info/?l=bugtraq&m=87602880019796&w=2 •