Shodan
Vulnerabilities
Vulnerable Software
Apache:  Security Vulnerabilities
CVE-2001-0131
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
CVSS Score
3.3
EPSS Score
0.001
Published
2001-03-12
CVE-2001-0925
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
CVSS Score
5.0
EPSS Score
0.895
Published
2001-03-12
CVE-2001-0042
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
CVSS Score
5.0
EPSS Score
0.42
Published
2001-02-16
CVE-2000-0913
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
CVSS Score
5.0
EPSS Score
0.062
Published
2000-12-19
CVE-2000-0868
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
CVSS Score
5.0
EPSS Score
0.088
Published
2000-11-14
CVE-2000-0869
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
CVSS Score
5.0
EPSS Score
0.106
Published
2000-11-14
CVE-2000-0759
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
CVSS Score
6.4
EPSS Score
0.398
Published
2000-10-20
CVE-2000-0760
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
CVSS Score
6.4
EPSS Score
0.386
Published
2000-10-20
CVE-2000-1204
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
CVSS Score
5.0
EPSS Score
0.049
Published
2000-10-13
CVE-2000-0672
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
CVSS Score
5.0
EPSS Score
0.032
Published
2000-07-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved