None

29 Dec 2021

      documented for Apache (without additional plugins):

* 2001-07-10: Apache Possible Directory Index Disclosure Vulnerability
* 2001-06-10: MacOS X Client Apache File Protection Bypass Vulnerability
* 2001-04-12: Apache Web Server HTTP Request Denial of Service Vulnerability
* 2001-03-13: Apache Artificially Long Slash Path Directory Listing
Vulnerability
* 2000-12-06: Apache Web Server with Php 3 File Disclosure Vulnerability
* 2000-09-29: Apache Rewrite Module Arbitrary File Disclosure Vulnerability
* 2000-09-07: SuSE Apache WebDAV Directory Listings Vulnerability
* 2000-05-31: Apache HTTP Server (win32) Root Directory Access Vulnerability
* 1999-09-25: NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
* 1998-09-03: Multiple Vendor MIME Header DoS Vulnerability
* 1998-01-06: Apache Web Server DoS Vulnerability
* 1997-01-12: Apache mod_cookies Buffer Overflow Vulnerability
* 1996-12-10: Multiple Vendor nph-test-cgi Vulnerability
* 1996-04-01: Multiple Vendor test-cgi Directory Listing Vulnerability
* 1996-03-20: phf Remote Command Execution Vulnerability

However, due to Apache's extensible nature (like IIS), I expect the actual
number is much higher.  For example, AKAIK the Code Red Worm attacked a DLL
running one of the additional IIS services, not the IIS core directly.

Ashley