| 7! | Apache multiple security vulnerabilities
|
 | | Information leakage, filtering bypass, privilege escalation, DoS. |
| | Apache privilege escalation
|
| | Privilege escalation with SetEnvIf in conjunction with crafted HTTP headers. |
| 6! | Apache mod_proxy unauthorized internal network access
updated since 12.10.2011
|
| | Invalid processing for URI with preceeding @ sign. |
| 8! | Multiple HTTP servers DoS
updated since 27.08.2011
|
| | Range: header processing can lead to memory exhaustion. |
| | Apache mod_proxy_http information leak
updated since 14.06.2010
|
| | Under some conditions, server reply may be sent to wrong client. |
| 6! | Apache mod_proxy_ftp multiple security vulnerabilities
updated since 23.09.2009
|
| | Denial of service, restrictions bypass. |
| 7! | Apache mod_isapi uninitialized pointer function call
|
| | Uunder some conditions function from dynamic library is called by it's address after library is unloaded. |
| | Apache HTTPD information leak
|
| | Under some conditions it's possible to access memory with data related to prvious requests. |
| | Apache mod_proxy_ajp DoS
|
| | Resources are not freed if client closes connection before request body is sent. |
| 8! | SSL data injection
updated since 09.11.2009
|
| | Data injection possibility connected with SSL in-session renegotiation. |
| | Apache DoS
|
| | Data exceeding Content-length value causes CPU exhaustion. mod_deflate doesn't break file compress operation if client disconnects. |
| | Apache protection bypass
|
| | Invalid IncludesNOEXEC option processing allows code execution via included .shtml files. |
| | Apache mod_proxy_ftp crossite scripting
|
| | Crossite scripting on FTP server content displaying. |
| 6! | Apache multiple DoS conditions
|
| | mod_proxy requests recursion, mod_ssl memory leak. |
| | Apache multiple security vulnerabilities
updated since 12.01.2008
|
| | mod_proxy_balancer сrossite scripting, crossite requests forgery, memory corruption, DoS, mod_proxy_ftp and mod_status, mod_negotiation - crossite scripting. |
| | Apache crossite scripting
|
| | Crossite scripting with UTF-7 characters on directories listing and error messages. |
| | Apache httpd multiple local DoS conditions
updated since 30.05.2007
|
| | It's possible to manipalte main worker process causing it to send SIGUSR signal from root to any process, process halt, resources exhaustions. |
| | Apache mod_mem_cache information leak
|
| | Under some conditions data from previsously sent server reply headers may be leaked. |
| 6! | Apache suexec multiple vulnerabilities
|
| | RAce conditions on symbolic links handling, access to partially matched directories, privilege escalation because of absent GID/UID check. |
| | Apache for Windows script source code leak
|
| | It's possible to access script code if cgi-bin is within DocumentRoot. |
| 7! | Apache crossite scripting
|
| | By using Expect: header it's possible to inject HTML code to another site's context. |
| | |
