Apache 1.3 — Vulnerabilities

Critical 10.0

1999-09-29= 1.0.3

CVE

Critical 10.0

2004-09-01< 1.3.2

CVE

Critical 10.0

2004-06-23< 1.3.32

httpd mod_proxy buffer overflow

CVE

Critical 9.8

2001-10-12= 1.3.14

CVE

High 7.8 Unfixed

2011-08-29≤ 1.3.42

httpd: multiple ranges DoS

CVE

High 7.8

2004-10-26< 1.3.33

httpd mod_include SSI overflow

CVE

High 7.6

2006-07-28< 1.3.37

CVE

High 7.5

2005-04-21≥ 1.3.31 and ≤ 1.3.31

CVE

High 7.5

2005-04-21< 1.3.19

CVE

High 7.5

2005-07-14≥ 1.3.11 and ≤ 1.3.20

CVE

High 7.5

2002-05-03≥ 1.3.17 and ≤ 1.3.22

CVE

High 7.5

2003-04-02< 1.3.24

CVE

High 7.5

2003-04-02< 1.3.26

security flaw

CVE

High 7.5

2002-10-05< 1.3.27

security flaw

CVE

High 7.5

2004-03-25< 1.3.31

security flaw

CVE

High 7.5

2004-09-01< 1.3.31

CVE

High 7.5

2004-02-03< 1.3.31

httpd mod_digest nonce not verified

CVE

High 7.4 Unfixed

2025-07-10≤ 1.3.42

Apache HTTP Server: mod_ssl TLS upgrade attack

CVE

High 7.2

2002-10-05< 1.3.27

security flaw

CVE

High 7.2

2003-10-30< 1.3.29

security flaw

CVE

Medium 6.8

2004-09-01< 1.3.27

security flaw

CVE

Medium 6.8

2010-02-02< 1.3.42

rhn-apache: buffer overflow via integer overflow vulnerability on 64bit platforms

CVE

Medium 5.0

2005-08-05≥ 1.3.9 and ≤ 1.3.23

CVE

Medium 5.0

2004-09-01≤ 1.3.29

CVE

Medium 5.0

2001-01-22= 1.3.12

CVE

Medium 5.0

2004-09-01≤ 1.3.6

CVE

Medium 5.0

1999-09-29< 1.3.0

CVE

Medium 5.0

2002-06-25≥ 1.3.14 and ≤ 1.3.19

CVE

Medium 5.0

2001-01-22= 1.3.12

CVE

Medium 5.0

2002-06-25< 1.3.22

security flaw

CVE

Medium 5.0

2004-09-01≤ 1.3.29

CVE

Medium 5.0

2005-07-14= 1.3.19

CVE

Medium 5.0 Unfixed

2011-12-27≤ 1.3.42

httpd: Apache Slowloris denial of service

CVE

Medium 5.0 Unfixed

2011-10-05≤ 1.3.42

httpd: reverse web proxy vulnerability

CVE

Medium 5.0

2002-08-31< 1.3.11

CVE

Medium 5.0

2002-08-31< 1.3.14

CVE

Medium 5.0

2001-01-22< 1.3.14

security flaw

CVE

Medium 5.0

2000-10-13< 1.3.14

CVE

Medium 5.0

2002-02-02< 1.3.19

CVE

Medium 5.0

2002-06-25< 1.3.20

CVE

Medium 5.0

2002-03-09< 1.3.22

security flaw

CVE

Medium 5.0

2001-10-12< 1.3.22

CVE

Medium 5.0

2003-03-28< 1.3.26

security flaw

CVE

Medium 5.0

2003-07-25< 1.3.28

CVE

Medium 5.0

2004-09-01< 1.3.31

security flaw

CVE

Medium 4.7

2007-06-20< 1.3.39

httpd scoreboard lack of PID protection

CVE

Medium 4.6

2005-04-27≤ 1.3.27

CVE

Medium 4.3

2007-10-20≥ 1.3.22 and ≤ 1.3.27

httpd information disclosure in FileEtag

CVE

Medium 4.3

2008-01-25≤ 1.3.39

httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled

CVE

Medium 4.3 Unfixed

2011-11-30≤ 1.3.42

httpd: uri scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix

CVE

Medium 4.3

2002-08-31< 1.3.12

CVE

Medium 4.3

2006-07-28< 1.3.35

httpd: Expect header XSS

CVE

Medium 4.3

2005-12-13< 1.3.35

httpd cross-site scripting flaw in mod_imap

CVE

Medium 4.3

2007-06-27< 1.3.39

httpd mod_status XSS

CVE

Medium 4.3

2008-01-08< 1.3.40

apache mod_status cross-site scripting

CVE

Medium 4.3

2007-12-13< 1.3.41

httpd: mod_imagemap XSS

CVE

Low 3.3

2005-07-14< 1.3.31

httpd: log files contain information directly supplied by clients and does not filter or quote control characters

CVE

Low 2.9

2001-02-14= 1.3.14

httpd: allows local users to overwrite arbitrary files via a symlink attack

CVE

Low 2.6

2002-10-25≤ 1.3.27

CVE

Low 2.6

2008-01-25≤ 1.3.39

httpd: mod_negotiation CRLF injection via untrusted file names in directories with MultiViews enabled

CVE

Low 2.1

2005-07-14≥ 1.3.11 and ≤ 1.3.20

CVE

Low 2.1

2005-02-06= 1.3.31

CVE