Apache: >> Http Server >> 2.0.46 Security Vulnerabilities
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
CVSS Score
10.0
EPSS Score
0.101
Published
2003-11-03
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
CVSS Score
6.4
EPSS Score
0.207
Published
2003-08-18
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
CVSS Score
5.0
EPSS Score
0.129
Published
2003-08-18
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
CVSS Score
5.0
EPSS Score
0.117
Published
2003-08-18
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
CVSS Score
5.0
EPSS Score
0.322
Published
2003-03-18
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
CVSS Score
5.0
EPSS Score
0.017
Published
2001-12-31
Page 11