CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0987 – httpd mod_digest nonce not verified
https://notcve.org/view.php?id=CVE-2003-0987
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. mod_digest de Apache no verifica adecuadamente el nonce de una respuesta de cliente usando un secreto AuthNonce. • http://marc.info/?l=bugtraq&m=108437852004207&w=2 http://security.gentoo.org/glsa/glsa-200405-22.xml http://securitytracker.com/id?1008920 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1 http://sunsolve.sun.com/search/document.do? •
CVSS: 5.0EPSS: 8%CPEs: 1EXPL: 0CVE-2003-0460
https://notcve.org/view.php?id=CVE-2003-0460
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service. El programa rotatelogs en Apache anteriores a 1.3.28 para Windows y OS/2, no ignora adecuadamente ciertos caractéres de control que son recibidos por la tubería, lo que podría permitir a atacantes remotos causar una denegación de servicio. • http://www.apache.org/dist/httpd/Announcement.html http://www.kb.cert.org/vuls/id/694428 https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1822
https://notcve.org/view.php?id=CVE-2002-1822
IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made for a non-existent Java Server Page (JSP). • http://marc.info/?l=bugtraq&m=103726020802411&w=2 http://www.iss.net/security_center/static/10628.php http://www.securityfocus.com/bid/6181 •
CVSS: 7.5EPSS: 75%CPEs: 3EXPL: 3CVE-2002-0392 – Apache 1.x/2.0.x - Chunked-Encoding Memory Corruption
https://notcve.org/view.php?id=CVE-2002-0392
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. • https://www.exploit-db.com/exploits/21560 https://www.exploit-db.com/exploits/21559 https://www.exploit-db.com/exploits/16782 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32 ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31 ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I http://archives. •
CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 1CVE-2002-0061 – Apache Win32 1.3.x/2.0.x - Batch File Remote Command Execution
https://notcve.org/view.php?id=CVE-2002-0061
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. El servidor Apache, en sus verisones para Win32 1.3.24 y anteriores, y 2.0.x hasta la 2.0.34-beta, permite que atacantes remotos ejecuten cualquier comando a través del metacaracter "|" de la shell. Estos comandos vienen como argumentos a scrips .bat o .cmd. A su vez estos scripts pasan sin filtrado al intérprete de shell, normalmente cmd.exe • https://www.exploit-db.com/exploits/21350 http://marc.info/?l=bugtraq&m=101674082427358&w=2 http://online.securityfocus.com/archive/1/263927 http://www.apacheweek.com/issues/02-03-29#apache1324 http://www.iss.net/security_center/static/8589.php http://www.securityfocus.com/bid/4335 https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.ap • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •