Apache Http Server vulnerabilities
310 known vulnerabilities affecting apache/http_server.
Total CVEs
310
CISA KEV
5
actively exploited
Public exploits
69
Exploited in wild
7
Severity breakdown
CRITICAL35HIGH100MEDIUM162LOW13
Vulnerabilities
Page 16 of 16
CVE-1999-1053HIGHCVSS 7.5PoCv1.3.91999-09-13
CVE-1999-1053 [HIGH] CVE-1999-1053: guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separator
guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
nvd
CVE-1999-0926CRITICALCVSS 10.0PoCv1.2.51999-09-03
CVE-1999-0926 [CRITICAL] CVE-1999-0926: Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
nvd
CVE-2000-1206MEDIUMCVSS 5.0v1.3.9v1.3.101999-08-20
CVE-2000-1206 [MEDIUM] CVE-2000-1206: Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewr
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
nvd
CVE-1999-1199CRITICALCVSS 10.0≤ 1.3.11998-08-07
CVE-1999-1199 [CRITICAL] CVE-1999-1199: Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource e
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
nvd
CVE-1999-0107MEDIUMCVSS 5.0PoCv0.8.11v0.8.14+7 more1997-12-30
CVE-1999-0107 [MEDIUM] CVE-1999-0107: Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service wi
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
nvd
CVE-1999-0071HIGHCVSS 7.5v1.1.11997-09-01
CVE-1999-0071 [HIGH] CVE-1999-0071: Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
nvd
CVE-1999-0236HIGHCVSS 7.5PoCfixed in 1.01997-01-01
CVE-1999-0236 [HIGH] CVE-1999-0236: ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
nvd
CVE-1999-0045HIGHCVSS 7.5PoCv0.8.11v0.8.14+5 more1996-12-10
CVE-1999-0045 [HIGH] CVE-1999-0045: List of arbitrary files on Web host via nph-test-cgi script.
List of arbitrary files on Web host via nph-test-cgi script.
nvd
CVE-1999-0070MEDIUMCVSS 5.0PoCfixed in 1.3.01996-04-01
CVE-1999-0070 [MEDIUM] CVE-1999-0070: test-cgi program allows an attacker to list files on the server.
test-cgi program allows an attacker to list files on the server.
nvd
CVE-1999-0067CRITICALCVSS 10.0v1.0.31996-03-20
CVE-1999-0067 [CRITICAL] CWE-78 CVE-1999-0067: phf CGI program allows remote command execution through shell metacharacters.
phf CGI program allows remote command execution through shell metacharacters.
nvd
← Previous16 / 16