Server vulnerabilities
Showing 301 - 315 of 315 CVEs
- CVE-1999-0926 Published Sep 3, 1999
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
- CVE-2000-1206 Published Aug 20, 1999
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
- CVE-1999-0929 Published Jun 16, 1999
Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests.
- CVE-1999-1237 Published Jun 6, 1999
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
- CVE-1999-1412 Published Jun 3, 1999
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
- CVE-1999-0678 Published Jan 17, 1999
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
- CVE-1999-1199 Published Aug 7, 1998
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
- CVE-1999-0107 Published Dec 30, 1997
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
- CVE-1999-1125 Published Sep 19, 1997
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
- CVE-1999-0071 Published Sep 1, 1997
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
- CVE-1999-1068 Published Jul 23, 1997
Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.
- CVE-1999-0236 Published Jan 1, 1997
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
- CVE-1999-0045 Published Dec 10, 1996
List of arbitrary files on Web host via nph-test-cgi script.
- CVE-1999-0070 Published Apr 1, 1996
test-cgi program allows an attacker to list files on the server.
- CVE-1999-0067 Published Mar 20, 1996
phf CGI program allows remote command execution through shell metacharacters.
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests.
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
high 7.5
List of arbitrary files on Web host via nph-test-cgi script.
test-cgi program allows an attacker to list files on the server.
phf CGI program allows remote command execution through shell metacharacters.