1.3.12 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	# of Exploits	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2013-2249				2013-07-23	2021-06-06	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
2	CVE-2012-0883	264		+Priv	2012-04-18	2021-06-06	6.9	None	Local	Medium	Not required	Complete	Complete	Complete
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
3	CVE-2012-0031	399		DoS	2012-01-18	2021-06-06	4.6	None	Local	Low	Not required	Partial	Partial	Partial
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
4	CVE-2011-4317	20			2011-11-30	2021-06-06	4.3	None	Remote	Medium	Not required	None	Partial	None
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5	CVE-2011-3368	20	1		2011-10-05	2021-06-06	5.0	None	Remote	Low	Not required	Partial	None	None
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
6	CVE-2011-3348	399		DoS	2011-09-20	2021-06-06	4.3	None	Remote	Medium	Not required	None	None	Partial
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
7	CVE-2011-3192	399	1	DoS	2011-08-29	2021-06-06	7.8	None	Remote	Low	Not required	None	None	Complete
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
8	CVE-2011-0419	399		DoS	2011-05-16	2021-06-06	4.3	None	Remote	Medium	Not required	None	None	Partial
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
9	CVE-2010-0010	189	1	DoS Exec Code Overflow	2010-02-02	2021-06-06	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
10	CVE-2009-1890	189		DoS	2009-07-05	2021-07-14	7.1	None	Remote	Medium	Not required	None	None	Complete
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
11	CVE-2008-0455	79		XSS	2008-01-25	2021-06-06	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
12	CVE-2007-6750	399		DoS	2011-12-27	2018-01-10	5.0	None	Remote	Low	Not required	None	None	Partial
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
13	CVE-2007-6388	79		XSS	2008-01-08	2021-06-06	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14	CVE-2007-5000	79		XSS	2007-12-13	2021-06-06	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15	CVE-2006-3918			XSS	2006-07-28	2021-06-06	4.3	None	Remote	Medium	Not required	None	Partial	None
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
16	CVE-2005-3352			XSS	2005-12-13	2021-06-06	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
17	CVE-2004-1082				2004-02-03	2018-10-30	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
18	CVE-2004-0940	119		Exec Code Overflow XSS	2005-02-09	2021-06-06	6.9	None	Local	Medium	Not required	Complete	Complete	Complete
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
19	CVE-2004-0488			Exec Code Overflow	2004-07-07	2021-06-06	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
20	CVE-2004-0263			+Info	2004-11-23	2017-10-10	5.0	None	Remote	Low	Not required	Partial	None	None
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
21	CVE-2003-0993			Bypass	2004-03-29	2021-06-06	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
22	CVE-2003-0542	119		DoS Exec Code Overflow	2003-11-03	2021-06-06	7.2	None	Local	Low	Not required	Complete	Complete	Complete
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
23	CVE-2002-2272	119		DoS Overflow	2002-12-31	2017-07-29	7.8	None	Remote	Low	Not required	None	None	Complete
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
24	CVE-2002-2103				2002-12-31	2008-09-05	5.0	None	Remote	Low	Not required	None	Partial	None
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
25	CVE-2002-2029				2002-12-31	2008-09-05	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
26	CVE-2002-1658			Exec Code Overflow	2002-12-31	2017-07-11	4.6	None	Local	Low	Not required	Partial	Partial	Partial
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
27	CVE-2002-0843			DoS Exec Code Overflow	2002-10-11	2021-06-06	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
28	CVE-2002-0840			XSS	2002-10-11	2021-06-06	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
29	CVE-2001-1449				2001-11-28	2017-07-11	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
30	CVE-2001-0925	22		Dir. Trav.	2001-03-12	2021-07-06	5.0	None	Remote	Low	Not required	Partial	None	None
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
31	CVE-2000-1204				2000-10-13	2021-06-06	5.0	None	Remote	Low	Not required	Partial	None	None
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
32	CVE-2000-0913				2000-12-19	2021-06-06	5.0	None	Remote	Low	Not required	Partial	None	None
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
33	CVE-2000-0869				2000-11-14	2017-10-10	5.0	None	Remote	Low	Not required	Partial	None	None
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
34	CVE-2000-0868				2000-11-14	2017-10-10	5.0	None	Remote	Low	Not required	Partial	None	None
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.

Total number of vulnerabilities : 34 Page : 1 (This Page)