Apache HTTP Server vulnerabilities
299 known vulnerabilities affecting apache/http_server.
Total CVEs: 299
CISA KEV: 5 (actively exploited)
Public exploits: 66
Exploited in wild: 7
Severity breakdown: CRITICAL 33, HIGH 95, MEDIUM 158, LOW 13
Vulnerabilities
Page 10 of 15
CVE-2008-0456 | LOW | CVSS 2.6 | CWE-74 | Affected: ≥ 2.2.0, < 2.2.12 | Published: 2008-01-25
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line n
Source: nvd
CVE-2007-6423 | HIGH | CVSS 7.8 | CWE-399 | Affected: v2.2.2, v2.2.3, +2 more | Published: 2008-01-12
Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue
Source: nvd
CVE-2007-6420 | MEDIUM | CVSS 4.3 | CWE-352 | Affected: v2.2.0, v2.2.2, +5 more | Published: 2008-01-12
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
Source: nvd
CVE-2008-0005 | MEDIUM | CVSS 4.3 | CWE-79 | Affected: ≥ 2.0.35, < 2.0.63; ≥ 2.2.0, < 2.2.8 | Published: 2008-01-12
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
Source: nvd
CVE-2007-6388 | MEDIUM | CVSS 4.3 | CWE-79 | Affected: ≥ 1.3.2, ≤ 1.3.39; ≥ 2.0.35, ≤ 2.0.61; +1 more | Published: 2008-01-08
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: nvd
CVE-2007-6422 | MEDIUM | CVSS 4.0 | CWE-399 | Affected: v2.2, v2.2.1, +4 more | Published: 2008-01-08
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
Source: nvd
CVE-2007-6421 | LOW | CVSS 3.5 | CWE-79 | Affected: v2.2, v2.2.1, +4 more | Published: 2008-01-08
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
Source: nvd
CVE-2007-6514 | MEDIUM | CVSS 4.3 | CWE-200 | PoC available | Affected: v2.2.6 | Published: 2007-12-21
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
Source: nvd
CVE-2007-5000 | MEDIUM | CVSS 4.3 | CWE-79 | Affected: ≥ 1.3.0, ≤ 1.3.39; ≥ 2.0.35, ≤ 2.0.61; +1 more | Published: 2007-12-13
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: nvd
CVE-2007-6203 | MEDIUM | CVSS 4.3 | PoC available | Affected: v2.0.46, v2.0.47, +23 more | Published: 2007-12-03
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containin
Source: nvd
CVE-2007-4465 | MEDIUM | CVSS 6.1 | CWE-79 | Affected: ≥ 2.0.0, < 2.0.61; ≥ 2.2.0, < 2.2.6 | Published: 2007-09-14
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that
Source: nvd
CVE-2007-3847 | MEDIUM | CVSS 5.0 | CWE-125 | Affected: ≥ 2.0.35, < 2.0.61; ≥ 2.2.0, < 2.2.6 | Published: 2007-08-23
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
Source: nvd
CVE-2007-1863 | MEDIUM | CVSS 5.0 | Affected: ≥ 2.0.37, < 2.0.61; ≥ 2.2.0, < 2.2.6 | Published: 2007-06-27
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
Source: nvd
CVE-2006-5752 | MEDIUM | CVSS 4.3 | Affected: ≥ 1.3.2, < 1.3.39; ≥ 2.0.0, < 2.0.61; +1 more | Published: 2007-06-27
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type i
Source: nvd
CVE-2007-3303 | MEDIUM | CVSS 4.9 | CWE-94 | Affected: v2.0.59, v2.2.4 | Published: 2007-06-20
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large numb
Source: nvd
CVE-2007-3304 | MEDIUM | CVSS 4.7 | Affected: ≥ 1.3.0, < 1.3.39; ≥ 2.0.0, < 2.0.61; +1 more | Published: 2007-06-20
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
Source: nvd
CVE-2007-1862 | MEDIUM | CVSS 5.0 | Affected: v2.2.4 | Published: 2007-06-04
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
Source: nvd
CVE-2007-1741 | MEDIUM | CVSS 6.2 | CWE-362 | Affected: v2.2.3 | Published: 2007-04-13
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks descr
Source: nvd
CVE-2007-1743 | MEDIUM | CVSS 4.4 | Affected: v2.2.3 | Published: 2007-04-13
suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on a
Source: nvd
CVE-2007-1742 | LOW | CVSS 3.7 | Affected: v2.2.3 | Published: 2007-04-13
suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that
Source: nvd