Filtered by vendor Apache
Total: 2392 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-1999-0926 | 1 Apache | 1 Http Server | 2024-11-20 | N/A |
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. | ||||
CVE-1999-0678 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-11-20 | N/A |
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. | ||||
CVE-1999-0289 | 2 Apache, Microsoft | 2 Http Server, Windows | 2024-11-20 | N/A |
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | ||||
CVE-1999-0236 | 2 Apache, Illinois | 2 Http Server, Ncsa Httpd | 2024-11-20 | 7.5 High |
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | ||||
CVE-1999-0107 | 1 Apache | 1 Http Server | 2024-11-20 | N/A |
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. | ||||
CVE-1999-0071 | 1 Apache | 1 Http Server | 2024-11-20 | N/A |
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. | ||||
CVE-1999-0070 | 1 Apache | 1 Http Server | 2024-11-20 | N/A |
test-cgi program allows an attacker to list files on the server. | ||||
CVE-1999-0067 | 2 Apache, Ncsa | 2 Http Server, Ncsa Httpd | 2024-11-20 | N/A |
phf CGI program allows remote command execution through shell metacharacters. | ||||
CVE-1999-0045 | 2 Apache, Netscape | 4 Http Server, Commerce Server, Communications Server and 1 more | 2024-11-20 | N/A |
List of arbitrary files on Web host via nph-test-cgi script. | ||||
CVE-2024-45537 | 1 Apache | 1 Druid | 2024-10-01 | 6.5 Medium |
Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide for their JDBC connections. By default, this allowed properties list restricts users to TLS-related properties only. However, when configuring a MySQL JDBC connection, users can use a particularly-crafted JDBC connection string to provide properties that are not on this allow list. Users without the permission to configure JDBC connections are not able to exploit this vulnerability. CVE-2021-26919 describes a similar vulnerability which was partially addressed in Apache Druid 0.20.2. This issue is fixed in Apache Druid 30.0.1. | ||||
CVE-2024-42361 | 1 Apache | 1 Hertzbeat | 2024-09-03 | 7.5 High |
Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection. | ||||
CVE-2024-42362 | 2 Apache, Dromara | 2 Hertzbeat, Hertzbeat | 2024-08-28 | 8.8 High |
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0. |