Apache: >> Http Server >> 2.0.38 Security Vulnerabilities
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
CVSS Score
5.0
EPSS Score
0.602
Published
2002-09-05
Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
CVSS Score
7.5
EPSS Score
0.863
Published
2002-08-12
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
CVSS Score
5.0
EPSS Score
0.017
Published
2001-12-31
Page 12