Security issues affecting Apache httpd 2.0.51

This page gives a list of all the vulnerabilities that are known to affect version 2.0.51 of Apache httpd. Note however that some vendor versions of Apache may already contain backported security patches for some of these issues, so if you're using a vendor-supplied version of Apache contact your vendor for details.

You can also see an alternative view of this data which lists which vulnerabilities were fixed in each version

Apache Week rates the severity of each issue based on the overall impact to users

Examine another version -- 2.0.52 -- 2.0.51 -- 2.0.50 -- 2.0.49 -- 2.0.48 -- 2.0.47 -- 2.0.46 -- 2.0.45 -- 2.0.44 -- 2.0.43 -- 2.0.42 -- 2.0.40 -- 2.0.39 -- 2.0.37 -- 2.0.36 -- 2.0.35 -- 1.3.32 -- 1.3.31 -- 1.3.29 -- 1.3.28 -- 1.3.27 -- 1.3.26 -- 1.3.24 -- 1.3.22 -- 1.3.20 -- 1.3.19 -- 1.3.17 -- 1.3.14 -- 1.3.12 -- 1.3.11 -- 1.3.9 -- 1.3.6 -- 1.3.4 -- 1.3.3 -- 1.3.2 -- 1.3.1 -- 1.3.0

important: Memory consumption DoS CAN-2004-0942

An issue was discovered where the field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server the ability to cause Apache children to consume proportional amounts of memory, leading to a denial of service.

important: Basic authentication bypass CAN-2004-0811

A flaw in Apache 2.0.51 (only) broke the merging of the Satisfy directive which could result in access being granted to resources despite any configured authentication

moderate: SSLCipherSuite bypass CAN-2004-0885

An issue has been discovered in the mod_ssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any cipher suite allowed by the virtual host configuration.