Jul 06, 2019, 08:42 PM
#######################################################################################################################################
=======================================================================================================================================
Hostname     www.kyodo-senpaku.co.jp    ISP            Computer Engineering & Consulting, Ltd.
Continent    Asia                       Flag           JP
Country      Japan                      Country Code   JP
Region       Unknown                    Local time     07 Jul 2019 00:25 JST
City         Unknown                    Postal Code    Unknown
IP Address   211.13.196.135             Latitude       35.69
=======================================================================================================================================
#######################################################################################################################################
> www.kyodo-senpaku.co.jp
Server: 185.93.180.131
Address: 185.93.180.131#53

Non-authoritative answer:
Name: www.kyodo-senpaku.co.jp
Address: 211.13.196.135
>
#######################################################################################################################################
[ JPRS database provides information on network administration. Its use is ]
[ restricted to network administration purposes. For further information, ]
[ use 'whois -h whois.jprs.jp help'. To suppress Japanese output, add'/e' ]
[ at the end of command, e.g. 'whois -h whois.jprs.jp xxx/e'. ]

Domain Information:
a. [Domain Name] KYODO-SENPAKU.CO.JP
g. [Organization] Kyodosenpaku corporation
l. [Organization Type] Corporation
m. [Administrative Contact] TN5822JP
n. [Technical Contact] HY4200JP
p. [Name Server] ns.namedserver.net
p. [Name Server] ns2.namedserver.net
s. [Signing Key]
[State] Connected (2019/09/30)
[Registered Date] 2001/09/06
[Connected Date] 2001/09/25
[Last Update] 2018/10/01 01:01:43 (JST)
#######################################################################################################################################
[+] Target : www.kyodo-senpaku.co.jp

[+] IP Address : 211.13.196.135

[+] Headers :

[+] Date : Sat, 06 Jul 2019 15:34:21 GMT
[+] Server : Apache
[+] Last-Modified : Thu, 16 May 2019 01:55:00 GMT
[+] ETag : "3339-588f78dbfa500"
[+] Accept-Ranges : bytes
[+] Content-Length : 13113
[+] Keep-Alive : timeout=2, max=100
[+] Connection : Keep-Alive
[+] Content-Type : text/html

[+] SSL Certificate Information :

[+] countryName : JP
[+] stateOrProvinceName : Tokyo
[+] localityName : Shibuya
[+] organizationName : GMO CLOUD K.K.
[+] commonName : sni.red.shared-server.net
[+] countryName : JP
[+] stateOrProvinceName : Tokyo
[+] localityName : Shibuya
[+] organizationName : GMO CLOUD K.K.
[+] commonName : sni.red.shared-server.net
[+] Version : 1
[+] Serial Number : C9FAB090556C44F3
[+] Not Before : Apr 10 02:09:25 2017 GMT
[+] Not After : Apr 8 02:09:25 2027 GMT

[+] Whois Lookup :

[+] NIR : {'query': '211.13.196.135', 'raw': None, 'nets': [{'cidr': '211.13.192.0/21', 'name': 'GMOCLOUD K.K.', 'handle': 'GMOCLOUD-NET', 'range': '211.13.192.1 - 211.13.199.255', 'country': 'JP', 'address': None, 'postal_code': None, 'nameservers': ['ns.namedserver.net', 'ns2.namedserver.net'], 'created': None, 'updated': '2019-04-25T09:56:03', 'contacts': {'admin': {'email': 'mex@gmo-hs.com', 'organization': 'GMOCLOUD K.K', 'division': 'System Operation Section, Service Operations Dev.', 'phone': '03-6415-6100', 'fax': '03-6415-6101', 'updated': '2019-04-25T09:08:03'}, 'tech': {'email': 'mex@gmo-hs.com', 'organization': 'GMOCLOUD K.K', 'division': 'System Operation Section, Service Operations Dev.', 'phone': '03-6415-6100', 'fax': '03-6415-6101', 'updated': '2019-04-25T09:08:03'}}}]}
[+] ASN Registry : apnic
[+] ASN : 7514
[+] ASN CIDR : 211.13.192.0/19
[+] ASN Country Code : JP
[+] ASN Date : 1999-11-22
[+] ASN Description : MEX Computer Engineering & Consulting, Ltd., JP
[+] cidr : 211.8.0.0/13, 211.16.0.0/14
[+] name : JPNIC-NET-JP
[+] handle : JNIC1-AP
[+] range : 211.8.0.0 - 211.19.255.255
[+] description : Japan Network Information Center
[+] country : JP
[+] state : None
[+] city : None
[+] address : Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
Chiyoda-ku, Tokyo 101-0047, Japan
[+] postal_code : None
[+] emails : ['hostmaster@nic.ad.jp']
[+] created : None
[+] updated : None

[+] Crawling Target...

[+] Looking for robots.txt........[ Not Found ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 5 ]
[+] Extracting Javascript Links...[ 4 ]
[+] Extracting Internal Links.....[ 1 ]
[+] Extracting External Links.....[ 4 ]
[+] Extracting Images.............[ 40 ]

[+] Total Links Extracted : 54

[+] Dumping Links in /opt/FinalRecon/dumps/www.kyodo-senpaku.co.jp.dump
[+] Completed!
#######################################################################################################################################
[+] Starting At 2019-07-06 11:34:25.389073
[+] Collecting Information On: www.kyodo-senpaku.co.jp
[#] Status: 404
--------------------------------------------------
[#] Web Server Detected: Apache
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Date: Sat, 06 Jul 2019 15:34:15 GMT
- Server: Apache
- Content-Length: 198
- Keep-Alive: timeout=2, max=50
- Connection: Keep-Alive
- Content-Type: text/html; charset=iso-8859-1
--------------------------------------------------
[#] Finding Location..!
[#] as: AS7514 Computer Engineering & Consulting, Ltd.
[#] city: Chiyoda
[#] country: Japan
[#] countryCode: JP
[#] isp: mex
[#] lat: 35.6775
[#] lon: 139.762
[#] org: ComputerEngineering&Consulting, Ltd.
[#] query: 211.13.196.135
[#] region: 13
[#] regionName: Tokyo
[#] status: success
[#] timezone: Asia/Tokyo
[#] zip: 289-2614
--------------------------------------------------
[x] Didn't Detect WAF Presence on: https://www.kyodo-senpaku.co.jp/
--------------------------------------------------
[#] Starting Reverse DNS
[!] Found 116 any Domain
--------------------------------------------------
[!] Scanning Open Port
[#] 80/tcp open http
[#] 443/tcp open https
--------------------------------------------------
[+] Collecting Information Disclosure!
#######################################################################################################################################
[i] Scanning Site: http://www.kyodo-senpaku.co.jp

B A S I C  I N F O
====================

[+] Site Title: 共同船舶株式会社|捕鯨と鯨肉販売のプロフェッショナル企業
[+] IP address: 211.13.196.135
[+] Web Server: Apache
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!
#######################################################################################################################################


G E O I P  L O O K U P
=========================

[i] IP Address: 211.13.196.135
[i] Country: Japan
[i] State:
[i] City:
[i] Latitude: 35.69
[i] Longitude: 139.69
#######################################################################################################################################

H T T P  H E A D E R S
=======================

[i] HTTP/1.1 200 OK
[i] Date: Sat, 06 Jul 2019 15:34:22 GMT
[i] Server: Apache
[i] Last-Modified: Thu, 16 May 2019 01:55:00 GMT
[i] ETag: "3339-588f78dbfa500"
[i] Accept-Ranges: bytes
[i] Content-Length: 13113
[i] Connection: close
[i] Content-Type: text/html
#######################################################################################################################################

D N S  L O O K U P
===================

kyodo-senpaku.co.jp. 3599 IN A 211.13.196.135
kyodo-senpaku.co.jp. 21599 IN NS ns2.namedserver.net.
kyodo-senpaku.co.jp. 21599 IN NS ns.namedserver.net.
kyodo-senpaku.co.jp. 3599 IN SOA ns.namedserver.net. root.namedserver.net. 2327379400 10800 1800 259200 1800
kyodo-senpaku.co.jp. 3599 IN MX 100 mx.kyodo-senpaku.co.jp.
#######################################################################################################################################

S U B N E T  C A L C U L A T I O N
====================================

Address = 211.13.196.135
Network = 211.13.196.135 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 211.13.196.135 - 211.13.196.135 }
#######################################################################################################################################

N M A P  P O R T  S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 15:34 UTC
Nmap scan report for kyodo-senpaku.co.jp (211.13.196.135)
Host is up (0.16s latency).
rDNS record for 211.13.196.135: sv3.isle.ne.jp

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 3.14 seconds
#######################################################################################################################################

S U B - D O M A I N  F I N D E R
==================================

[i] Total Subdomains Found : 1

[+] Subdomain: mx.kyodo-senpaku.co.jp
[-] IP: 211.13.204.4

#######################################################################################################################################
Enter Address Website = kyodo-senpaku.co.jp

Reversing IP With HackTarget 'kyodo-senpaku.co.jp'
-----------------------------------------------------

1313[+] seikolife.com
1314[+] seikyo-print.com
1315[+] seishin888.com
1316[+] seishoen.jp
1317[+] seiwabussan.co.jp
1318[+] sengoku-sato.com
1319[+] senju-pubcoco.com
1320[+] senoo-kikai.com
1321[+] senshin.ed.jp
1322[+] seri2010.jp
1323[+] serrano.co.jp
1324[+] servicedapartments.tokyo
1325[+] seseragi.co.jp
1326[+] setagayamachida.jp
1327[+] seta-net.com
1328[+] setouchi-color.co.jp
1329[+] sg-hakuju.com
1330[+] sharoushi-houjin.com
1331[+] shibuya-e.com
1332[+] shicata.co.jp
1333[+] shige-int.com
1334[+] shikokucable.co.jp
1335[+] shikoku-leisure.com
1336[+] shimane-syotairen.com
1337[+] shimizu-archi.jp
1338[+] shimizu-gp.com
1339[+] shimizu-kids-clinic.com
1340[+] shinkiya.jp
1341[+] shinkozo.or.jp
1342[+] shinma-net.com
1343[+] shinou-syoukai.com
1344[+] shinrainojo.jp
1345[+] shinryou.jp
1346[+] shinseiki-j.com
1347[+] shinseishika.co.jp
1348[+] shinwa3gyo.co.jp
1349[+] shinwa-sogo.co.jp
1350[+] shin-cl.com
1351[+] shiomaru.jp
1352[+] shirakawa-go.com
1353[+] shisaku.info
1354[+] shoei.tokyo
1355[+] shokuhyoji.jp
1356[+] shokyuen.com
1357[+] shonanfesta.com
1358[+] shop-gen.com
1359[+] shop-keylock.com
1360[+] shop-vail.com
1361[+] shourinji.net
1362[+] showa-chem.com
1363[+] sho-spo.com
1364[+] shunei.tokyo
1365[+] sinaikai.com
1366[+] siraho.jp
1367[+] sirasagi.org
1368[+] siroiekimae-seikotsuin.net
1369[+] sketchbook.gr.jp
1370[+] skmek.com
1371[+] sk-bousai.co.jp
1372[+] sk-p.biz
1373[+] sl-co.jp
1374[+] smackworld.co.jp
1375[+] smarthome-akita.com
1376[+] smd-kuma.com
1377[+] smile-is-ltd.com
1378[+] smile-ko-bo.com
1379[+] socio-com.com
1380[+] sohora.jp
1381[+] soho-hiar.com
1382[+] soka-fusasara.com
1383[+] son-system.net
1384[+] soroptimist-fuji.org
1385[+] sosenkai.or.jp
1386[+] sousei-japan.com
1387[+] spicyflyers.com
1388[+] spoled.jp
1389[+] sp-aichi.com
1390[+] sstoda.com
1391[+] ss-ken.jp
1392[+] stair-lounge.com
1393[+] starhomes.jp
1394[+] stc-i.co.jp
1395[+] steelhead.co.jp
1396[+] step-up-kagayaki.org
1397[+] stlc.co.jp
1398[+] strikes300.jp
1399[+] studioflow.biz
1400[+] studio-fuu.com
1401[+] studio-novell.com
1402[+] study-osaka.com
1403[+] st-staff.co.jp
1404[+] suetsugu-koumuten.com
1405[+] sugawara-masakazu.com
1406[+] sugimotogumi-mie.com
1407[+] sugino-miso.com
1408[+] sukkiriclinic.com
1409[+] sukoken.or.jp
1410[+] sumairu-s.com
1411[+] sumidamm.com
1412[+] suminoe-carpet-piece.com
1413[+] sunano.com
1414[+] sundai-th.jp
1415[+] sunday-cafe.com
1416[+] sunmillion.info
1417[+] suns.jp
1418[+] sunset-styles.com
1419[+] suntechno.net
1420[+] sun-rainbow.net
1421[+] suzukikikai.com
1422[+] syoko-ds.co.jp
1423[+] sysaudit.gr.jp
1424[+] systemdata.co.jp
1425[+] syuukan-ddmap.com
1426[+] szt.co.jp
1427[+] s-frontier.com
1428[+] s-kumamoto.jp
1429[+] s-minamikawa.com
1430[+] s-m-c.jp
1431[+] s-sakura.jp
1432[+] tabba.org
1433[+] tabigate.net
1434[+] tachibanapc.com
1435[+] tachibana-group.jp
1436[+] taguchigumi.co.jp
1437[+] tahara-kantei.com
1438[+] taikoh-eg.com
1439[+] taiwa-g.com
1440[+] takahashi-e.co.jp
1441[+] takajo-shiragiku.com
1442[+] takaki-soba.com
1443[+] takakogyo.com
1444[+] takaocoffee.jp
1445[+] takarazuka-kokyuki.com
1446[+] takasuka.co.jp
1447[+] takazawa-dc.com
1448[+] takeda-shinkyu.net
1449[+] takesumisekino.com
1450[+] takkan.net
1451[+] takosho.tokyo
1452[+] takumi-irecycle.com
1453[+] tamaku-chouren.com
1454[+] tamanojc.com
1455[+] tamy.net
1456[+] tanakayuka-office.com
1457[+] tandmmusic.net
1458[+] tands.ne.jp
1459[+] tankei.co.jp
1460[+] tansei-kensetsu.jp
1461[+] taruishi.co.jp
1462[+] tataminofujiwara.com
1463[+] tatami-t.co.jp
1464[+] tbanto.com
1465[+] tbs-okamoto.com
1466[+] tbs-seitai.com
1467[+] tci-com.biz
1468[+] tc-kango.com
1469[+] team-autobahn.com
1470[+] tearsilver.com
1471[+] technohashimoto.com
1472[+] technosystem.biz
1473[+] telno.ne.jp
1474[+] temariya.net
1475[+] temple-sample.com
1476[+] tene.jp
1477[+] teranobu.co.jp
1478[+] tfd-com.co.jp
1479[+] theisiya.com
1480[+] thinkraiseinc.jp
1481[+] tire-tengoku.com
1482[+] tm21plaza.com
1483[+] tm-n.com
1484[+] tobikawa.co.jp
1485[+] tocollo.co.jp
1486[+] toeisha.co.jp
1487[+] tohounyu.co.jp
1488[+] toho-com.jp
1489[+] tohtotech.co.jp
1490[+] toisengyo.jp
1491[+] tokuyamasonic.gr.jp
1492[+] tokyo55.com
1493[+] tokyokouwanfukurikousei.jp
1494[+] tokyotec.net
1495[+] tokyo-japan.com
1496[+] tomakyo.com
1497[+] tomei-k.com
1498[+] tommelise.jp
1499[+] tomoe-j.com
1500[+] tomosumi-setsubi.com
1501[+] tonotsuji.com
1502[+] tophills-cl.jp
1503[+] topolino-igo.org
1504[+] torito.jp
1505[+] toshikun.org
1506[+] total-tsushin.com
1507[+] totoro.or.jp
1508[+] touan-udon.com
1509[+] tougarashichoumiryou.com
1510[+] touku-sangyo.com
1511[+] toyokunihonda.tokyo
1512[+] toyoseiki.net
1513[+] toyota-pr-car.jp
1514[+] toyo-rp.com
1515[+] tozaicreate.com
1516[+] transatlantic-jp.com
1517[+] transside.com
1518[+] trans.maniac-site.com
1519[+] tritoninc.co.jp
1520[+] trsg.co.jp
1521[+] trunk-net.co.jp
1522[+] tsubamenote.co.jp
1523[+] tsubame-taikyo.com
1524[+] tsujimoto-hifuka.com
1525[+] tsukadashika.com
1526[+] tsukiji-seikotsu.net
1527[+] tsuruga.co.jp
1528[+] ttdyhot.net
1529[+] tukisekai.co.jp
1530[+] tyosbr1.tene.jp
1531[+] typrojectweb.com
1532[+] t-engi.com
1533[+] t-mark-gp.com
1534[+] t-suzuran.com
1535[+] t-sweetslabo.com
1536[+] t-wisteria.com
1537[+] ubiq-c.jp
1538[+] ugoku-bijutsukan.com
1539[+] ula.jp
1540[+] umekin.net
1541[+] umenomitsu.com
1542[+] umenoya.net
1543[+] umesho.com
1544[+] union.or.jp
1545[+] unogame.jp
1546[+] uonumakoshihikari.jp
1547[+] urawa-red.diamonds
1548[+] urbane-clinic.jp
1549[+] uv-coat.com
1550[+] uwakai.com
1551[+] u-medialink.com
1552[+] u-shinkyu.net
1553[+] valley-ag.co.jp
1554[+] valueup-jp.com
1555[+] visa-agent.net
1556[+] visual-soft.net
1557[+] visuna.jp
1558[+] wada-sika.jp
1559[+] wakabaseikotsuin.net
1560[+] wanshopstudio.com
1561[+] waseda-abell.com
1562[+] watchmannee.jp
1563[+] wayama.jp
1564[+] wbr.jp
1565[+] web940.net
1566[+] web-junky.net
1567[+] wedder.net
1568[+] westone-yes.com
1569[+] whitehole.jp
1570[+] white-dragon.jp
1571[+] will-link.co.jp
1572[+] wings-jp.com
1573[+] wires.co.jp
1574[+] work-echizen.com
1575[+] work-life-supporter.org
1576[+] worldvision-kyoto.com
1577[+] wsp.gr.jp
1578[+] www.adgoods.net
1579[+] www.ajwpa.or.jp
1580[+] www.akan.co.jp
1581[+] www.akashidenko.co.jp
1582[+] www.akenohoikuen.jp
1583[+] www.akishino.net
1584[+] www.amabro.com
1585[+] www.amakusapearl.com
1586[+] www.amicho.com
1587[+] www.amsl.or.jp
1588[+] www.amyurion.com
1589[+] www.anacpsapporo.com
1590[+] www.animals.co.jp
1591[+] www.aoyamabs.jp
1592[+] www.areiz.jp
1593[+] www.aromavera.jp
1594[+] www.asahiprint.com
1595[+] www.ashiuratengoku.co.jp
1596[+] www.asianbagus.com
1597[+] www.bananachips.jp
1598[+] www.banjiro.com
1599[+] www.bdss.jp
1600[+] www.bearslope.com
1601[+] www.briko.jp
1602[+] www.bri.co.jp
1603[+] www.brownny.com
1604[+] www.cadlus.com
1605[+] www.calaworld.com
1606[+] www.cardist.com
1607[+] www.centraza.com
1608[+] www.cetakumi.or.jp
1609[+] www.chikiri.co.jp
1610[+] www.chipandcherry.com
1611[+] www.choushimaru.co.jp
1612[+] www.cics.co.jp
1613[+] www.ckids.jp
1614[+] www.cluar.com
1615[+] www.cmcajapan.net
1616[+] www.cob77.com
1617[+] www.creomu.com
1618[+] www.curingsimulation.jp
1619[+] www.cycleplus.jp
1620[+] www.daizawaschool.com
1621[+] www.databroad.tv
1622[+] www.diatrend.com
1623[+] www.dogjam.jp
1624[+] www.doitokeiya.com
1625[+] www.dressco.jp
1626[+] www.earthrun.co.jp
1627[+] www.ecoq21.jp
1628[+] www.ecotourism.gr.jp
1629[+] www.einstein1905.info
1630[+] www.elekitel.net
1631[+] www.elph.jp
1632[+] www.elpisjapan.com
1633[+] www.ephar2012.org
1634[+] www.figure.co.jp
1635[+] www.fiveseasons.co.jp
1636[+] www.flowric.co.jp
1637[+] www.fud1998.com
1638[+] www.fukuoka24.com
1639[+] www.fukushiyo.org
1640[+] www.funacli.jp
1641[+] www.funwave.co.jp
1642[+] www.gancho.net
1643[+] www.genethread.net
1644[+] www.ginzanakahisa.jp
1645[+] www.girltalk.co.jp
1646[+] www.gokurakuji.jp
1647[+] www.goldman.jp
1648[+] www.golfgarage.jp
1649[+] www.gomagoma.net
1650[+] www.gondo.com
1651[+] www.grandtr.com
1652[+] www.hananojuutan.jp
1653[+] www.herbarhouse.net
1654[+] www.hiroclinic.net
1655[+] www.hitohashi.com
1656[+] www.hpstore.jp
1657[+] www.huchuhomare.com
1658[+] www.hwcg.co.jp
1659[+] www.ichinoya.com
1660[+] www.igsoap.com
1661[+] www.iins2.jp
1662[+] www.ilis.com
1663[+] www.imdoor.com
1664[+] www.imliving.com
1665[+] www.ishikawadanceschool.com
1666[+] www.izh.jp
1667[+] www.jahachijoshimajoseibu.tokyo
1668[+] www.jbpma.gr.jp
1669[+] www.jiia.or.jp
1670[+] www.jipe.org
1671[+] www.jubilo.co.jp
1672[+] www.kairaku.co.jp
1673[+] www.kakinohasushi.com
1674[+] www.kanetsune.com
1675[+] www.keieishien.co.jp
1676[+] www.kgrape.com
1677[+] www.khaosoi.net
1678[+] www.kids.okidono.com
1679[+] www.kigawa.org
1680[+] www.kimuraseal.co.jp
1681[+] www.kinoako.com
1682[+] www.kinoshitakensetsu.jp
1683[+] www.kitanihonship.co.jp
1684[+] www.kitijouinn.com
1685[+] www.kittaka.com
1686[+] www.kiwat.com
1687[+] www.koujindou.com
1688[+] www.kourinkaku.com
1689[+] www.kuhara.co.jp
1690[+] www.kurosawajewel.co.jp
1691[+] www.kyg.or.jp
1692[+] www.kyokushinfukuoka.com
1693[+] www.kyotogaku.org
1694[+] www.landcrew.net
1695[+] www.lasvegasyoyaku.com
1696[+] www.lienjoux.com
1697[+] www.llga.or.jp
1698[+] www.lmconsul.com
1699[+] www.madoc.co.jp
1700[+] www.magicbomber.com
1701[+] www.magonoteclub.co.jp
1702[+] www.maru5.net
1703[+] www.meihokudoboku.co.jp
1704[+] www.mexichemfluor.co.jp
1705[+] www.mgspt.com
1706[+] www.mgtco.co.jp
1707[+] www.minanoba.jp
1708[+] www.mizken.co.jp
1709[+] www.mizunoyama.com
1710[+] www.moviescollect.com
1711[+] www.mpaj.or.jp
1712[+] www.musashi.ne.jp
1713[+] www.mvc.co.jp
1714[+] www.myfoot.jp
1715[+] www.mykarte.co.jp
1716[+] www.nagatajewelry.com
1717[+] www.nagonomachi.com
1718[+] www.nagoyakamotsu.com
1719[+] www.nan9.co.jp
1720[+] www.naragodo.com
1721[+] www.neriki.co.jp
1722[+] www.newdartslife.com
1723[+] www.newmic.co.jp
1724[+] www.nichidaifilter.co.jp
1725[+] www.nipponrunners.or.jp
1726[+] www.nisin.co.jp
1727[+] www.nitobe.com
1728[+] www.noall.jp
1729[+] www.nwtcns.com
1730[+] www.oapc.jp
1731[+] www.officenile.co.jp
1732[+] www.ogawaseimen.com
1733[+] www.ohgifukushikai.com
1734[+] www.ohm.jp
1735[+] www.ohyama78.com
1736[+] www.opticoat.co.jp
1737[+] www.orimoto.co.jp
1738[+] www.osakaseni.co.jp
1739[+] www.oukasai.com
1740[+] www.ouzan.net
1741[+] www.pes109.com
1742[+] www.petitdoll.com
1743[+] www.piolink.co.jp
1744[+] www.potetokaitsuka.co.jp
1745[+] www.pradera.co.jp
1746[+] www.ransui.com
1747[+] www.raycraftmagazine.com
1748[+] www.resocom.jp
1749[+] www.rolltech.jp
1750[+] www.royalroadginza.com
1751[+] www.runbini.jp
1752[+] www.ruriiro.com
1753[+] www.saciperere.co.jp
1754[+] www.saibad.com
1755[+] www.sankeikanri.co.jp
1756[+] www.sanzyukai.com
1757[+] www.schoolaidjapan.or.jp
1758[+] www.seikolife.com
1759[+] www.serrano.co.jp
1760[+] www.seseragi.co.jp
1761[+] www.shicata.co.jp
1762[+] www.shikokucable.co.jp
1763[+] www.shinkozo.or.jp
1764[+] www.shinseishika.co.jp
1765[+] www.shinwa3gyo.co.jp
1766[+] www.shisaku.info
1767[+] www.shokuhyoji.jp
1768[+] www.shourinji.net
1769[+] www.sinaikai.com
1770[+] www.sohora.jp
1771[+] www.sosenkai.or.jp
1772[+] www.spicyflyers.com
1773[+] www.stlc.co.jp
1774[+] www.strikes300.jp
1775[+] www.studioflow.biz
1776[+] www.sukoken.or.jp
1777[+] www.sumidamm.com
1778[+] www.suzukikikai.com
1779[+] www.sysaudit.gr.jp
1780[+] www.systemdata.co.jp
1781[+] www.szt.co.jp
1782[+] www.tabba.org
1783[+] www.tabigate.net
1784[+] www.tachibanapc.com
1785[+] www.takasuka.co.jp
1786[+] www.tands.ne.jp
1787[+] www.taruishi.co.jp
1788[+] www.technosystem.biz
1789[+] www.theisiya.com
1790[+] www.toeisha.co.jp
1791[+] www.tohtotech.co.jp
1792[+] www.tommelise.jp
1793[+] www.torifuji.jp
1794[+] www.totoro.or.jp
1795[+] www.touhokuzitugyou.co.jp
1796[+] www.toyoseiki.net
1797[+] www.transside.com
1798[+] www.trsg.co.jp
1799[+] www.tsubamenote.co.jp
1800[+] www.tsuruga.co.jp
1801[+] www.ula.jp
1802[+] www.umenoya.net
1803[+] www.umesho.com
1804[+] www.uwakai.com
1805[+] www.visuna.jp
1806[+] www.wires.co.jp
1807[+] www.wsp.gr.jp
1808[+] www.yakugaku.or.jp
1809[+] www.yamahiro.com
1810[+] www.yamako.org
1811[+] www.yamamurogumi.com
1812[+] www.yokkaichidome.com
1813[+] www.yoshima.net
1814[+] www.ysenya.jp
1815[+] www.yudenshi.com
1816[+] www.yuu1.net
1817[+] www.zankyo.com
1818[+] www.zenko.co.jp
1819[+] www.zetsuen.com
1820[+] www.1advantage.info
1821[+] www.1charinko.com
1822[+] www.4lz.info
1823[+] www.8kyouwa.co.jp
1824[+] www.8-buyers.co.jp
1825[+] www.21ccs.jp
1826[+] www.80pan.com
1827[+] www.816apart.com
1828[+] www.7061.jp
1829[+] www.9129.co.jp
1830[+] www.ablease-kikai.co.jp
1831[+] www.akarenga-park.com
1832[+] www.all-japan-arts.com
1833[+] www.aoi-law.com
1834[+] www.aoki-shoten.co.jp
1835[+] www.apex-jp.net
1836[+] www.architecture-forum.net
1837[+] www.archivision-hs.co.jp
1838[+] www.arc-system.co.jp
1839[+] www.arden-heiwa.co.jp
1840[+] www.art-glb.com
1841[+] www.asset-guardian.co.jp
1842[+] www.astrology-lovers.com
1843[+] www.asuka-acc.jp
1844[+] www.asver-service.jp
1845[+] www.atelier-h.co.jp
1846[+] www.autoservice-m.com
1847[+] www.awa-miyoshi.jp
1848[+] www.a-caeser.jp
1849[+] www.a-miyagi.jp
1850[+] www.bark-inc.com
1851[+] www.beni-ya.jp
1852[+] www.best-haken.com
1853[+] www.bianca-hair.com
1854[+] www.bike-tenken.com
1855[+] www.biwako-kirara.ed.jp
1856[+] www.buddy-golfclub.com
1857[+] www.car-support-amenity.jp
1858[+] www.cats-i.ac.jp
1859[+] www.couple-c.com
1860[+] www.custard-arch.com
1861[+] www.daishin-trading.com
1862[+] www.dentist-nakashima.jp
1863[+] www.denyu-sha.co.jp
1864[+] www.denzai-ryutu.co.jp
1865[+] www.d-storekyoto.com
1866[+] www.egao-kyushu.com
1867[+] www.ergo-grip.jp
1868[+] www.eri-kawai.com
1869[+] www.escort.maniac-site.com
1870[+] www.espace-jp.com
1871[+] www.e-serve21.com
1872[+] www.e-snj.jp
1873[+] www.e-tusin.net
1874[+] www.favorix-recruit.com
1875[+] www.feed-net.co.jp
1876[+] www.fortune-garden.net
1877[+] www.frontier-engagement.jp
1878[+] www.fujikawa-web.com
1879[+] www.fukusi-otsu.or.jp
1880[+] www.furusato-dsc.com
1881[+] www.gaea-area.com
1882[+] www.gem-jade.com
1883[+] www.george-house.com
1884[+] www.geo-prd.co.jp
1885[+] www.germa-soudan.com
1886[+] www.gmc-japan.com
1887[+] www.gravure-idol-ranking.com
1888[+] www.gyosei-grp.or.jp
1889[+] www.hairandmake-neu.com
1890[+] www.happy-dental.jp
1891[+] www.heartful-com.org
1892[+] www.heart-kashiwa.jp
1893[+] www.hoken-design.jp
1894[+] www.hokuetsu-motor.co.jp
1895[+] www.holotropic-net.org
1896[+] www.hot-template.jp
1897[+] www.h-kouyou.com
1898[+] www.image-co.com
1899[+] www.implant-koda.com
1900[+] www.implant-smiline.jp
1901[+] www.ito-laundry.net
1902[+] www.iyp-center.or.jp
1903[+] www.japan-stay.com
1904[+] www.jic-sakabe.jp
1905[+] www.jinzai-pro.com
1906[+] www.jojohair-my.net
1907[+] www.jolly-roger.co.jp
1908[+] www.j-escom.co.jp
1909[+] www.kagami-group.co.jp
1910[+] www.kajima-fa.or.jp
1911[+] www.kakegawa-terminalhotel.com
1912[+] www.kanda-denki.com
1913[+] www.kenko-baseball.com
1914[+] www.ken-spirits.jp
1915[+] www.key-s-asano.com
1916[+] www.kids-angeli.com
1917[+] www.kids-npo.com
1918[+] www.kimono-office.com
1919[+] www.kiriko-roll.com
1920[+] www.kk-hayama.co.jp
1921[+] www.koei-tec.jp
1922[+] www.kofu-central.co.jp
1923[+] www.ko-and-co.com
1924[+] www.kumamoto-bunkanokaze.com
1925[+] www.kuukankoubou-m.com
1926[+] www.kuwa-kaikei.com
1927[+] www.kyodo-senpaku.co.jp
1928[+] www.kyoto-kirara.ed.jp
1929[+] www.kyoto-shukuhakuzei.com
1930[+] www.kyo-biyou.or.jp
1931[+] www.le-kiya.com
1932[+] www.life-box.jp
1933[+] www.lita-life.jp
1934[+] www.luminous-hotel.co.jp
1935[+] www.makoto-ortho.com
1936[+] www.manamis-kitchen.com
1937[+] www.marukyo-g.co.jp
1938[+] www.mash-jp.net
1939[+] www.matsumoto-s.net
1940[+] www.meijiza-ac.jp
1941[+] www.meiko-seiki.co.jp
1942[+] www.mejiro-iin.jp
1943[+] www.miki-law.com
1944[+] www.miyahara-mental.com
1945[+] www.miyano-mame.jp
1946[+] www.mochuhagaki-insatsu-mbe.com
1947[+] www.morishita-gp.co.jp
1948[+] www.move-rent.jp
1949[+] www.mr-ep.jp
1950[+] www.m-ag.co.jp
1951[+] www.m-bbb.com
1952[+] www.nakano-hiromasa.com
1953[+] www.natural-tune.com
1954[+] www.nichiei-ind.com
1955[+] www.night-map.com
1956[+] www.nihon-kyoken.net
1957[+] www.nihon-yobou.com
1958[+] www.niku-mansei.com
1959[+] www.nishinomiya-icamera.com
1960[+] www.nma-nahakango.ac.jp
1961[+] www.npo-fukushi.com
1962[+] www.nts-book.co.jp
1963[+] www.n-remodel.com
1964[+] www.ohyabu-office.jp
1965[+] www.okamoto-bidet.com
1966[+] www.okinawa-child-future.jp
1967[+] www.okinaya-kaiundo.com
1968[+] www.omron-compo.com
1969[+] www.om-midoriya.jp
1970[+] www.order-curtain.com
1971[+] www.original-cl.com
1972[+] www.oyama-s.com
1973[+] www.panda-s.jp
1974[+] www.pasde-chat.jp
1975[+] www.pc-icon.com
1976[+] www.pc-ss.net
1977[+] www.perfect-implant.net
1978[+] www.pet-ribbon.com
1979[+] www.place-tokyo.co.jp
1980[+] www.prop-i.com
1981[+] www.psy-fa.com
1982[+] www.ps-yamauchi.com
1983[+] www.pureji-ru.com
1984[+] www.p-seeds.com
1985[+] www.p-sekisui-hometechno.jp
1986[+] www.rei-tokyo.co.jp
1987[+] www.repair-brand.com
1988[+] www.reza-koumuten.com
1989[+] www.ryukoku-sociology.jp
1990[+] www.saito-clinic.org
1991[+] www.sakai-flower.com
1992[+] www.sakon-kyoto.com
1993[+] www.sakurashi-kankou.or.jp
1994[+] www.sanken-kikaku.co.jp
1995[+] www.sa-industry.co.jp
1996[+] www.sbpb-law.jp
1997[+] www.scom-gm.jp
1998[+] www.sc-nishihachioji.jp
1999[+] www.seta-net.com
2000[+] www.sharoushi-houjin.com
2001[+] www.shibuya-e.com
2002[+] www.shimizu-archi.jp
2003[+] www.shimizu-kids-clinic.com
2004[+] www.shinkou-hd.jp
2005[+] www.shinma-net.com
2006[+] www.shin-cl.com
2007[+] www.shop-gen.com
2008[+] www.shop-vail.com
2009[+] www.showa-chem.com
2010[+] www.sk-p.biz
2011[+] www.socio-com.com
2012[+] www.soka-fusasara.com
2013[+] www.son-system.net
2014[+] www.ss-ken.jp
2015[+] www.studio-novell.com
2016[+] www.study-osaka.com
2017[+] www.st-staff.co.jp
2018[+] www.sub0000158328.ms.hmk-temp.com
2019[+] www.sugimotogumi-mie.com
2020[+] www.sugino-miso.com
2021[+] www.sundai-th.jp
2022[+] www.s-kumamoto.jp
2023[+] www.s-minamikawa.com
2024[+] www.takahashi-e.co.jp
2025[+] www.takarazuka-kokyuki.com
2026[+] www.takazawa-dc.com
2027[+] www.takken-sagami.or.jp
2028[+] www.takumi-irecycle.com
2029[+] www.tamaku-chouren.com
2030[+] www.tatami-t.co.jp
2031[+] www.tbs-okamoto.com
2032[+] www.temple-sample.com
2033[+] www.tfd-com.co.jp
2034[+] www.tire-tengoku.com
2035[+] www.toho-com.jp
2036[+] www.tokyo-japan.com
2037[+] www.tophills-cl.jp
2038[+] www.trans.maniac-site.com
2039[+] www.trunk-net.co.jp
2040[+] www.tsubame-taikyo.com
2041[+] www.t-mark-gp.com
2042[+] www.valley-ag.co.jp
2043[+] www.valueup-jp.com
2044[+] www.visa-agent.net
2045[+] www.waseda-abell.com
2046[+] www.wings-jp.com
2047[+] www.w-gang.co.jp
2048[+] www.yado-web.com
2049[+] www.yasuda-s.jp
2050[+] www.yokosuka-jeans.com
2051[+] www.yoshimune-fx.com
2052[+] www.yo-meiji-taikyokuken.co.jp
2053[+] www.yuima-ru.info
2054[+] w-gang.co.jp
2055[+] xcom.co.jp
2056[+] xn--3iqz39ae7wbootb.com
2057[+] yado-web.com
2058[+] yahara-shinkyuseikotsuin.net
2059[+] yakugaku.or.jp
2060[+] yamaguchishika.net
2061[+] yamahiro.com
2062[+] yamako.org
2063[+] yamamurogumi.com
2064[+] yamato-kougei.com
2065[+] yamato-press.co.jp
2066[+] yanai-cllect.com
2067[+] yasiro.com
2068[+] yasuda-s.jp
2069[+] yasui-yuzu.com
2070[+] yasuta.com
2071[+] ycf.co.jp
2072[+] ymca-okayama.org
2073[+] ymup.co.jp
2074[+] yoga-prana.tokyo
2075[+] yokkaichidome.com
2076[+] yokohama-music.com
2077[+] yokosuka-jeans.com
2078[+] yokota-dance.com
2079[+] yonechi.com
2080[+] yoneda-seikotsu.com
2081[+] yonigeya-reborn.com
2082[+] yoroz.co.jp
2083[+] yorozu-tax.com
2084[+] yoshii-seikei.or.jp
2085[+] yoshima.net
2086[+] yoshima-industrial-park.com
2087[+] yoshimotokajoen.co.jp
2088[+] yoshimune-fx.com
2089[+] yotsubanomori.net
2090[+] youchien.to
2091[+] you-ei.com
2092[+] yo-meiji-taikyokuken.co.jp
2093[+] ysenya.jp
2094[+] ys-collection.jp
2095[+] ytrading.biz
2096[+] yudenshi.com
2097[+] yuima-ru.info
2098[+] yumeno-ya.com
2099[+] yumetabi-ita.co.jp
2100[+] yume-ka.com
2101[+] yuu1.net
2102[+] yuushin-lp.jp
2103[+] yuushin-rescue.jp
2104[+] yz-ti.co.jp
2105[+] y-aruga.com
2106[+] y-hatori.jp
2107[+] zankyo.com
2108[+] zetsuen.com
2109[+] zuo-s.com
2110#######################################################################################################################################
2111
2112
2113Reverse IP With YouGetSignal 'kyodo-senpaku.co.jp'
2114-----------------------------------------------------
2115
2116[*] IP: 211.13.196.135
2117[*] Domain: kyodo-senpaku.co.jp
2118[*] Total Domains: 116
2119
2236#######################################################################################################################################
2237
2238
2239Geo IP Lookup 'kyodo-senpaku.co.jp'
2240--------------------------------------
2241
2242[+] IP Address: 211.13.196.135
2243[+] Country: Japan
2244[+] State:
2245[+] City:
2246[+] Latitude: 35.69
2247[+] Longitude: 139.69
#######################################################################################################################################


Whois 'kyodo-senpaku.co.jp'
------------------------------

[+] [ JPRS database provides information on network administration. Its use is ]
[+] [ restricted to network administration purposes. For further information, ]
[+] [ use 'whois -h whois.jprs.jp help'. To suppress Japanese output, add'/e' ]
[+] [ at the end of command, e.g. 'whois -h whois.jprs.jp xxx/e'. ]
[+] Domain Information:
[+] a. [Domain Name] KYODO-SENPAKU.CO.JP
[+] g. [Organization] Kyodosenpaku corporation
[+] l. [Organization Type] Corporation
[+] m. [Administrative Contact] TN5822JP
[+] n. [Technical Contact] HY4200JP
[+] p. [Name Server] ns.namedserver.net
[+] p. [Name Server] ns2.namedserver.net
[+] s. [Signing Key]
[+] [State] Connected (2019/09/30)
[+] [Registered Date] 2001/09/06
[+] [Connected Date] 2001/09/25
[+] [Last Update] 2018/10/01 01:01:43 (JST)
#######################################################################################################################################

Bypass Cloudflare 'kyodo-senpaku.co.jp'
------------------------------------------

[!] CloudFlare Bypass 211.13.204.2 | ftp.kyodo-senpaku.co.jp
[!] CloudFlare Bypass 211.13.196.135 | www.kyodo-senpaku.co.jp
[!] CloudFlare Bypass 211.13.204.5 | smtp.kyodo-senpaku.co.jp
#######################################################################################################################################


DNS Lookup 'kyodo-senpaku.co.jp'
-----------------------------------

[+] kyodo-senpaku.co.jp. 3591 IN A 211.13.196.135
[+] kyodo-senpaku.co.jp. 21591 IN NS ns2.namedserver.net.
[+] kyodo-senpaku.co.jp. 21591 IN NS ns.namedserver.net.
[+] kyodo-senpaku.co.jp. 3591 IN SOA ns.namedserver.net. root.namedserver.net. 2327379400 10800 1800 259200 1800
[+] kyodo-senpaku.co.jp. 3591 IN MX 100 mx.kyodo-senpaku.co.jp.
#######################################################################################################################################


Show HTTP Header 'kyodo-senpaku.co.jp'
-----------------------------------------

[+] HTTP/1.1 200 OK
[+] Date: Sat, 06 Jul 2019 15:34:34 GMT
[+] Server: Apache
[+] Last-Modified: Thu, 16 May 2019 01:55:00 GMT
[+] ETag: "3339-588f78dbfa500"
[+] Accept-Ranges: bytes
[+] Content-Length: 13113
[+] Content-Type: text/html
#######################################################################################################################################


Port Scan 'kyodo-senpaku.co.jp'
----------------------------------

Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 15:34 UTC
Nmap scan report for kyodo-senpaku.co.jp (211.13.196.135)
Host is up (0.15s latency).
rDNS record for 211.13.196.135: sv3.isle.ne.jp

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 2.45 seconds
#######################################################################################################################################


Traceroute 'kyodo-senpaku.co.jp'
-----------------------------------

Start: 2019-07-06T15:34:43+0000
HOST: web01                                  Loss%   Snt   Last    Avg   Best   Wrst  StDev
  1.|-- 45.79.12.201                          0.0%     3    1.0    1.7    0.7    3.5    1.5
  2.|-- 45.79.12.0                            0.0%     3    0.7    0.6    0.5    0.7    0.1
  3.|-- 45.79.12.9                            0.0%     3    0.6    0.7    0.6    0.7    0.1
  4.|-- 199.245.16.65                         0.0%     3    1.5    1.6    1.5    1.6    0.1
  5.|-- ae-0.r23.dllstx09.us.bb.gin.ntt.net   0.0%     3    1.3    1.3    1.3    1.4    0.0
  6.|-- ae-8.r23.snjsca04.us.bb.gin.ntt.net   0.0%     3   42.2   42.0   41.3   42.3    0.6
  7.|-- ae-21.r30.tokyjp05.jp.bb.gin.ntt.net  0.0%     3  145.6  146.5  145.6  147.3    0.8
  8.|-- ae-2.r00.tokyjp08.jp.bb.gin.ntt.net   0.0%     3  145.8  145.8  145.8  146.0    0.1
  9.|-- 61.120.144.210                        0.0%     3  146.1  146.1  146.0  146.1    0.1
 10.|-- 210.155.131.79                        0.0%     3  149.7  149.4  149.1  149.7    0.3
 11.|-- 210.155.132.27                        0.0%     3  146.5  146.5  146.5  146.6    0.0
 12.|-- IKB-CSTM-JEX15-XE-0-0-0.mex.ad.jp     0.0%     3  166.4  165.4  163.1  166.8    2.0
 13.|-- 210.155.133.232                       0.0%     3  147.9  148.0  147.9  148.1    0.1
 14.|-- ???                                  100.0     3    0.0    0.0    0.0    0.0    0.0
######################################################################################################################################
[INFO] Date: 06/07/19 | Time: 11:46:46
[INFO] ------TARGET info------
[*] TARGET: http://www.kyodo-senpaku.co.jp/
[*] TARGET IP: 211.13.196.135
[INFO] NO load balancer detected for www.kyodo-senpaku.co.jp...
[*] DNS servers: ns.namedserver.net.
[*] TARGET server: Apache
[*] CC: JP
[*] Country: Japan
[*] RegionCode: 13
[*] RegionName: Tokyo
[*] City: Chiyoda
[*] ASN: AS7514
[*] BGP_PREFIX: 211.13.192.0/19
[*] ISP: MEX Computer Engineering & Consulting, Ltd., JP
[INFO] DNS enumeration:
[*] ftp.kyodo-senpaku.co.jp 211.13.204.2
[*] mx.kyodo-senpaku.co.jp 211.13.204.4
[INFO] Possible abuse mails are:
[*] abuse@kyodo-senpaku.co.jp
[*] abuse@www.kyodo-senpaku.co.jp
[*] domain@1-man.net
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Starting FUZZing in http://www.kyodo-senpaku.co.jp/FUzZzZzZzZz...
[INFO] Status code Folders
[*] 200 http://www.kyodo-senpaku.co.jp/news
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from http://www.kyodo-senpaku.co.jp/ http://211.13.196.135/:
[*] https://twitter.com/Baleninechan
[*] https://www.facebook.com/pages/%E3%83%90%E3%83%AC%E3%83%8B%E3%83%B3%E3%81%A1%E3%82%83%E3%82%93/282017422004686
[*] https://www.facebook.com/pages/バレニンちゃん/282017422004686
[*] https://www.whaling.jp/recipe/
[*] http://www.facebook.com/plugins/likebox.php?href=https://www.facebook.com/pages/バレニンちゃん/282017422004686&width=220&height=427&colorscheme=light&show_faces=false&header=true&stream=true&show_border=true&appId=763542357003203
[*] http://www.kyodohanbai.co.jp/
[*] http://www.kyodo-senpaku.co.jp/
[*] http://www.kyodo-senpaku.co.jp/contact/
[*] http://www.kyodo-senpaku.co.jp/contact.html
[*] http://www.kyodo-senpaku.co.jp/corporate.html
[*] http://www.kyodo-senpaku.co.jp/corporate.html#link_01
[*] http://www.kyodo-senpaku.co.jp/corporate.html#link_02
[*] http://www.kyodo-senpaku.co.jp/corporate.html#link_03
[*] http://www.kyodo-senpaku.co.jp/corporate.html#link_04
[*] http://www.kyodo-senpaku.co.jp/feature/balenine/index.html
[*] http://www.kyodo-senpaku.co.jp/feature/restaurant/index.html
[*] http://www.kyodo-senpaku.co.jp/index.html
[*] http://www.kyodo-senpaku.co.jp/news/
[*] http://www.kyodo-senpaku.co.jp/recruit/
[*] http://www.kyodo-senpaku.co.jp/services.html
[*] http://www.kyodo-senpaku.co.jp/services.html#link_01
[*] http://www.kyodo-senpaku.co.jp/services.html#link_02
[*] http://www.kyodo-senpaku.co.jp/services.html#link_03
[*] http://www.kyodo-senpaku.co.jp/wordpress/blog
[*] http://www.kyodo-senpaku.co.jp/#wrapper
[INFO] GOOGLE has 37,900 results (0.23 seconds) about http://www.kyodo-senpaku.co.jp/
[INFO] BING shows 211.13.196.135 is shared with 344,000 hosts/vhosts
[INFO] Shodan detected the following opened ports on 211.13.196.135:
[*] 443
[*] 80
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
2416[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
2417[INFO] ------Alexa Rank SECTION------
2418[INFO] Percent of Visitors Rank in Country:
2419[INFO] Percent of Search Traffic:
2420[INFO] Percent of Unique Visits:
2421[INFO] Total Sites Linking In:
2422[*] Total Sites
2423[INFO] Useful links related to www.kyodo-senpaku.co.jp - 211.13.196.135:
2424[*] https://www.virustotal.com/pt/ip-address/211.13.196.135/information/
2425[*] https://www.hybrid-analysis.com/search?host=211.13.196.135
2426[*] https://www.shodan.io/host/211.13.196.135
2427[*] https://www.senderbase.org/lookup/?search_string=211.13.196.135
2428[*] https://www.alienvault.com/open-threat-exchange/ip/211.13.196.135
2429[*] http://pastebin.com/search?q=211.13.196.135
2430[*] http://urlquery.net/search.php?q=211.13.196.135
2431[*] http://www.alexa.com/siteinfo/www.kyodo-senpaku.co.jp
2432[*] http://www.google.com/safebrowsing/diagnostic?site=www.kyodo-senpaku.co.jp
2433[*] https://censys.io/ipv4/211.13.196.135
2434[*] https://www.abuseipdb.com/check/211.13.196.135
2435[*] https://urlscan.io/search/#211.13.196.135
2436[*] https://github.com/search?q=211.13.196.135&type=Code
2437[INFO] Useful links related to AS7514 - 211.13.192.0/19:
2438[*] http://www.google.com/safebrowsing/diagnostic?site=AS:7514
2439[*] https://www.senderbase.org/lookup/?search_string=211.13.192.0/19
2440[*] http://bgp.he.net/AS7514
2441[*] https://stat.ripe.net/AS7514
2442[INFO] Date: 06/07/19 | Time: 11:48:23
2443[INFO] Total time: 1 minute(s) and 37 second(s)
2444#######################################################################################################################################
2445Trying "kyodo-senpaku.co.jp"
2446;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55519
2447;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2
2448
2449;; QUESTION SECTION:
2450;kyodo-senpaku.co.jp. IN ANY
2451
2452;; ANSWER SECTION:
2453kyodo-senpaku.co.jp. 3600 IN MX 100 mx.kyodo-senpaku.co.jp.
2454kyodo-senpaku.co.jp. 3600 IN SOA ns.namedserver.net. root.namedserver.net. 2327379400 10800 1800 259200 1800
2455kyodo-senpaku.co.jp. 3600 IN A 211.13.196.135
2456kyodo-senpaku.co.jp. 86399 IN NS ns.namedserver.net.
2457kyodo-senpaku.co.jp. 86399 IN NS ns2.namedserver.net.
2458
2459;; AUTHORITY SECTION:
2460kyodo-senpaku.co.jp. 86399 IN NS ns2.namedserver.net.
2461kyodo-senpaku.co.jp. 86399 IN NS ns.namedserver.net.
2462
2463;; ADDITIONAL SECTION:
2464ns2.namedserver.net. 163789 IN A 210.166.249.129
2465ns.namedserver.net. 163789 IN A 180.222.176.193
2466
2467Received 223 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 615 ms
2468#######################################################################################################################################
2469; <<>> DiG 9.11.5-P4-5.1-Debian <<>> +trace kyodo-senpaku.co.jp
2470;; global options: +cmd
2471. 79337 IN NS m.root-servers.net.
2472. 79337 IN NS a.root-servers.net.
2473. 79337 IN NS e.root-servers.net.
2474. 79337 IN NS c.root-servers.net.
2475. 79337 IN NS k.root-servers.net.
2476. 79337 IN NS f.root-servers.net.
2477. 79337 IN NS i.root-servers.net.
2478. 79337 IN NS d.root-servers.net.
2479. 79337 IN NS h.root-servers.net.
2480. 79337 IN NS b.root-servers.net.
2481. 79337 IN NS j.root-servers.net.
2482. 79337 IN NS g.root-servers.net.
2483. 79337 IN NS l.root-servers.net.
2484. 79337 IN RRSIG NS 8 0 518400 20190719050000 20190706040000 59944 . SI6+/xLAf8pinH1maAelL1IzYlbsiDjlSlM9oYYXh8IRbuCPMnapBNV7 /8K2mZcWMb7H+NQ2yyjDmfAVY29iF2WOn/lLyVTTeabYZqHX1felWeVq lg0UXRsmgOOBXTVypEtY1ImQXGiI27IcBOX305HassIeFro2CliBCx2s 0pmDHdgS01KZGlz9NY0IBrxnVwY51Q6ydAc9/mulETCqY9hmCk06Z31x tNyRfTbp8R+0dCBi/bqTpIv0k82OVRcYOE0ILQ9483pJDNhTguyl+GJu 78KJFvA8oCSwDDiW4T9QS5t7Xzwu6aMqdf774GoTomwzDgI8UCpJu75h U6igTQ==
2485;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 115 ms
2486
2487jp. 172800 IN NS a.dns.jp.
2488jp. 172800 IN NS b.dns.jp.
2489jp. 172800 IN NS c.dns.jp.
2490jp. 172800 IN NS d.dns.jp.
2491jp. 172800 IN NS e.dns.jp.
2492jp. 172800 IN NS f.dns.jp.
2493jp. 172800 IN NS g.dns.jp.
2494jp. 172800 IN NS h.dns.jp.
2495jp. 86400 IN DS 54004 8 1 0EC348CC7E6D3213CC89E5867088043FC7D5C111
2496jp. 86400 IN DS 54004 8 2 5F4B24F667BC70880720D10DF317DC8FF80C63E586D504E6BBFE53F0 B9ECC040
2497jp. 86400 IN RRSIG DS 8 1 86400 20190719050000 20190706040000 59944 . w+uS+3j3EPIEcVtjCw4DDeTgzAyIW1kMj6t4gIwkwFI6dp5pI/qMV0O3 gZj4+MypcojAvtSh8n6h8KK889t0EPl4nwJyam5eisMBKrqIMyOx8Dcu NOzMBuibONIoUswBqNCpKRDSKY5a0oASFNFobESKkD0iNN7nBQR9lZuq ppYWpigJCjMWH+hHSKm3TwIofLCb+D/xZQIt5FRd2+OHpRwL0RFx8Mrd tAx2rsmF6+c+eTEcfX6fR7hkUvb1ZRg1Xmj+6p2vXU7GGh7Ua6rQmI2o /px5963X7YRtxGWPGWpc7EW2m3XcLNGL3UehF/Qn8PbNkXMoQNgZBs/p kW+abQ==
2498;; Received 875 bytes from 198.41.0.4#53(a.root-servers.net) in 131 ms
2499
2500kyodo-senpaku.co.jp. 86400 IN NS ns.namedserver.net.
2501kyodo-senpaku.co.jp. 86400 IN NS ns2.namedserver.net.
2502QK7NI2O4MJD1UBU0TIHLCOKHS2HTSH11.jp. 900 IN NSEC3 1 1 5 AB49572CF4 QKB5LISOLDCJ1FSFMK98P630F5BDUV8O TXT RRSIG
2503QK7NI2O4MJD1UBU0TIHLCOKHS2HTSH11.jp. 900 IN RRSIG NSEC3 8 2 900 20190729174501 20190629174501 378 jp. YG8M+IZruxjPUgjaGNe0lX/Br0nMCgvwYycuFFUgFVYxHfhC2T791AQc +NHKUIHcYxzztllT4RqLQkDFtFGG69fTGv1Z+7GwnreY4o7sDDgksbnc wDF42mKJVntU8vsAb/vXizW90TBqEwdXKNYsqhuAO8FuSYbl2ZI9fVqM GNc=
2504MJNREKNF3KEPBQ5080H9VK2K2DAU390O.jp. 900 IN NSEC3 1 1 5 AB49572CF4 MKOTAI335KMT3C2S5R7CV7RJHGJTHHE0 TXT RRSIG
2505MJNREKNF3KEPBQ5080H9VK2K2DAU390O.jp. 900 IN RRSIG NSEC3 8 2 900 20190729174501 20190629174501 378 jp. t0Zu1lVkXBb5pxgn48wdySwEgj9egRsMJA+txJpbNEYDUJCqSxll2AYL APWgNvIEF0RH6jkWHGsz6lnRGvEH5a5x7iRP1MRCg2UJVNm9GkE6mDG+ 0PFdO1SAJRUo4AO2otvBd3pJJqMSJf8gjFKjpjl1rNl6/kK4+t4geq3Z mvw=
2506;; Received 618 bytes from 210.138.175.244#53(d.dns.jp) in 201 ms
2507
2508kyodo-senpaku.co.jp. 3600 IN A 211.13.196.135
2509;; Received 64 bytes from 210.166.249.129#53(ns2.namedserver.net) in 364 ms
2510######################################################################################################################################
2511[*] Performing General Enumeration of Domain: kyodo-senpaku.co.jp
2512[-] DNSSEC is not configured for kyodo-senpaku.co.jp
2513[*] SOA ns.namedserver.net 180.222.176.193
2514[*] NS ns2.namedserver.net 210.166.249.129
2515[*] Bind Version for 210.166.249.129 PowerDNS Authoritative Server 4.1.5 (built Mar 1 2019 18:01:54 by root@bdns01.dnsserver.jp)
2516[*] NS ns.namedserver.net 180.222.176.193
2517[*] Bind Version for 180.222.176.193 PowerDNS Authoritative Server 4.1.5 (built Feb 28 2019 16:50:42 by root@adns01.dnsserver.jp)
2518[*] MX mx.kyodo-senpaku.co.jp 211.13.204.4
2519[*] A kyodo-senpaku.co.jp 211.13.196.135
2520[*] Enumerating SRV Records
2521[-] No SRV Records Found for kyodo-senpaku.co.jp
2522[+] 0 Records Found
2523######################################################################################################################################
2524[*] Processing domain kyodo-senpaku.co.jp
2525[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
2526[+] Getting nameservers
2527210.166.249.129 - ns2.namedserver.net
2528180.222.176.193 - ns.namedserver.net
2529[-] Zone transfer failed
2530
2531[+] MX records found, added to target list
2532100 mx.kyodo-senpaku.co.jp.
2533
2534[*] Scanning kyodo-senpaku.co.jp for A records
2535211.13.196.135 - kyodo-senpaku.co.jp
2536211.13.204.2 - ftp.kyodo-senpaku.co.jp
2537211.13.204.18 - imap.kyodo-senpaku.co.jp
2538211.13.204.4 - mx.kyodo-senpaku.co.jp
2539211.13.204.5 - pop.kyodo-senpaku.co.jp
2540211.13.204.5 - smtp.kyodo-senpaku.co.jp
2541211.13.196.135 - www.kyodo-senpaku.co.jp
2542######################################################################################################################################
2543Ip Address Status Type Domain Name Server
2544---------- ------ ---- ----------- ------
2545211.13.204.2 host ftp.kyodo-senpaku.co.jp
2546211.13.204.18 host imap.kyodo-senpaku.co.jp
2547211.13.204.4 host mx.kyodo-senpaku.co.jp
2548211.13.204.5 host pop.kyodo-senpaku.co.jp
2549211.13.204.5 host smtp.kyodo-senpaku.co.jp
2550211.13.196.135 200 host www.kyodo-senpaku.co.jp Apache
2551#######################################################################################################################################
2552[+] Testing domain
2553 www.kyodo-senpaku.co.jp 211.13.196.135
2554[+] Dns resolving
2555 Domain name Ip address Name server
2556 kyodo-senpaku.co.jp 211.13.196.135 sv3.isle.ne.jp
2557Found 1 host(s) for kyodo-senpaku.co.jp
2558[+] Testing wildcard
2559 Ok, no wildcard found.
2560
2561[+] Scanning for subdomain on kyodo-senpaku.co.jp
2562[!] Wordlist not specified. I scannig with my internal wordlist...
2563 Estimated time about 308.04 seconds
2564
2565 Subdomain Ip address Name server
2566
2567 ftp.kyodo-senpaku.co.jp 211.13.204.2 ftp.red.shared-server.net
2568 mx.kyodo-senpaku.co.jp 211.13.204.4 mx.red.shared-server.net
2569 pop.kyodo-senpaku.co.jp 211.13.204.5 mail.red.shared-server.net
2570 smtp.kyodo-senpaku.co.jp 211.13.204.5 mail.red.shared-server.net
2571 www.kyodo-senpaku.co.jp 211.13.196.135 sv3.isle.ne.jp
2572
2573#######################################################################################################################################
2574
2575
2576 AVAILABLE PLUGINS
2577 -----------------
2578
2579 SessionResumptionPlugin
2580 EarlyDataPlugin
2581 HttpHeadersPlugin
2582 OpenSslCipherSuitesPlugin
2583 CertificateInfoPlugin
2584 SessionRenegotiationPlugin
2585 OpenSslCcsInjectionPlugin
2586 CompressionPlugin
2587 HeartbleedPlugin
2588 RobotPlugin
2589 FallbackScsvPlugin
2590
2591
2592
2593 CHECKING HOST(S) AVAILABILITY
2594 ------------------------------------------------------------------------------------------------------------------------------------
2595
2596 211.13.196.135:443 => 211.13.196.135
2597
2598
2599
2600
2601 SCAN RESULTS FOR 211.13.196.135:443 - 211.13.196.135
2602 -------------------------------------------------------------------------------------------------------------------------------------
2603
2604 * Downgrade Attacks:
2605 TLS_FALLBACK_SCSV: OK - Supported
2606
2607 * TLSV1_3 Cipher Suites:
2608 Server rejected all cipher suites.
2609
2610 * TLS 1.2 Session Resumption Support:
2611 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
2612 With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.
2613
2614 * Session Renegotiation:
2615 Client-initiated Renegotiation: OK - Rejected
2616 Secure Renegotiation: OK - Supported
2617
2618 * Certificate Information:
2619 Content
2620 SHA1 Fingerprint: e0d27df475e860fc5f37802bcb93739e0e7f588d
2621 Common Name: sni.red.shared-server.net
2622 Issuer: sni.red.shared-server.net
2623 Serial Number: 14554139279756117235
2624 Not Before: 2017-04-10 02:09:25
2625 Not After: 2027-04-08 02:09:25
2626 Signature Algorithm: sha256
2627 Public Key Algorithm: RSA
2628 Key Size: 2048
2629 Exponent: 65537 (0x10001)
2630 DNS Subject Alternative Names: []
2631
2632 Trust
2633 Hostname Validation: FAILED - Certificate does NOT match 211.13.196.135
2634 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
2635 iOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
2636 Java CA Store (jdk-11.0.2): FAILED - Certificate is NOT Trusted: self signed certificate
2637 macOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
2638 Mozilla CA Store (2018-11-22): FAILED - Certificate is NOT Trusted: self signed certificate
2639 OPENJDK CA Store (jdk-11.0.2): FAILED - Certificate is NOT Trusted: self signed certificate
2640 Windows CA Store (2018-12-08): FAILED - Certificate is NOT Trusted: self signed certificate
2641 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
2642 Received Chain: sni.red.shared-server.net
2643 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
2644 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
2645 Received Chain Order: OK - Order is valid
2646 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
2647
2648 Extensions
2649 OCSP Must-Staple: NOT SUPPORTED - Extension not found
2650 Certificate Transparency: NOT SUPPORTED - Extension not found
2651
2652 OCSP Stapling
2653 NOT SUPPORTED - Server did not send back an OCSP response
2654
2655 * TLSV1_1 Cipher Suites:
2656 Forward Secrecy OK - Supported
2657 RC4 OK - Not Supported
2658
2659 Preferred:
2660 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
2661 Accepted:
2662 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
2663 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
2664 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
2665 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
2666 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
2667 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
2668 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
2669 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
2670 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
2671
2672 * TLSV1_2 Cipher Suites:
2673 Forward Secrecy OK - Supported
2674 RC4 OK - Not Supported
2675
2676 Preferred:
2677 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
2678 Accepted:
2679 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
2680 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 404 Not Found
2681 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
2682 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
2683 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
2684 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
2685 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
2686 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
2687 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 404 Not Found
2688 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
2689 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
2690 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
2691 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
2692 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
2693 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
2694 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 404 Not Found
2695 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
2696 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
2697 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
2698 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
2699 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
2700 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
2701
2702 * ROBOT Attack:
2703 OK - Not vulnerable
2704
2705 * Deflate Compression:
2706 OK - Compression disabled
2707
2708 * SSLV2 Cipher Suites:
2709 Server rejected all cipher suites.
2710
2711 * TLSV1 Cipher Suites:
2712 Forward Secrecy OK - Supported
2713 RC4 OK - Not Supported
2714
2715 Preferred:
2716 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
2717 Accepted:
2718 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
2719 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
2720 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
2721 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
2722 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
2723 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
2724 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
2725 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
2726 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
2727
2728 * OpenSSL CCS Injection:
2729 OK - Not vulnerable to OpenSSL CCS injection
2730
2731 * SSLV3 Cipher Suites:
2732 Server rejected all cipher suites.
2733
2734 * OpenSSL Heartbleed:
2735 OK - Not vulnerable to Heartbleed
2736
2737
2738 SCAN COMPLETED IN 31.06 S
2739 -------------------------
2740#######################################################################################################################################
2741DNS Servers for kyodo-senpaku.co.jp:
2742 ns2.namedserver.net
2743 ns.namedserver.net
2744
2745Trying zone transfer first...
2746 Testing ns2.namedserver.net
2747 Request timed out or transfer not allowed.
2748 Testing ns.namedserver.net
2749 Request timed out or transfer not allowed.
2750
2751Unsuccessful in zone transfer (it was worth a shot)
2752Okay, trying the good old fashioned way... brute force
2753
2754Checking for wildcard DNS...
2755Nope. Good.
2756Now performing 2280 test(s)...
2757211.13.204.2 ftp.kyodo-senpaku.co.jp
2758211.13.204.18 imap.kyodo-senpaku.co.jp
2759211.13.204.4 mx.kyodo-senpaku.co.jp
2760211.13.204.5 pop.kyodo-senpaku.co.jp
2761211.13.204.5 smtp.kyodo-senpaku.co.jp
2762211.13.196.135 www.kyodo-senpaku.co.jp
2763
2764Subnets found (may want to probe here using nmap or unicornscan):
2765 211.13.196.0-255 : 1 hostnames found.
2766 211.13.204.0-255 : 5 hostnames found.
2767
2768Done with Fierce scan: http://ha.ckers.org/fierce/
2769Found 6 entries.
2770
2771Have a nice day.
2772#######################################################################################################################################
2773[3/25] http://www.kyodo-senpaku.co.jp/feature/manual/manual.pdf
2774[4/25] http://www.kyodo-senpaku.co.jp/news/20160920%25E3%2583%2597%25E3%2583%25AC%25E3%2582%25B9%25E3%2583%25AA%25E3%2583%25AA%25E3%2583%25BC%25E3%2582%25B9.pdf
2775 [x] Error in the parsing process
2776[5/25] http://www.kyodo-senpaku.co.jp/news/2014/09/02/140903.pdf
2777[6/25] http://www.kyodo-senpaku.co.jp/news/2014/09/02/140904.pdf
2778[7/25] http://www.kyodo-senpaku.co.jp/news/2015/01/06/141222ReleaseJp.pdf
2779[8/25] http://www.kyodo-senpaku.co.jp/news/2014/09/02/140914.pdf
2780[9/25] http://www.kyodo-senpaku.co.jp/news/2014/09/02/140830.pdf
2781[10/25] http://www.kyodo-senpaku.co.jp/news/2016/08/23/160823%2520%25E3%2583%2597%25E3%2583%25AC%25E3%2582%25B9%25E3%2583%25AA%25E3%2583%25AA%25E3%2583%25BC%25E3%2582%25B9.pdf
2782 [x] Error in the parsing process
2783[11/25] http://www.kyodo-senpaku.co.jp/news/2015/01/30/%25E3%2581%258F%25E3%2581%2598%25E3%2582%2589%25E3%2582%25B8%25E3%2583%25A3%25E3%2583%25BC%25E3%2582%25AD%25E3%2583%25BC%25E3%2581%25AE%25E3%2581%2594%25E6%25A1%2588%25E5%2586%2585.pdf
2784
2785
2786[+] List of users found:
2787--------------------------
2788soumubu14
2789
2790[+] List of software found:
2791-----------------------------
2792DocuCentre-IV C5575
2793Acrobat Distiller 11.0 (Windows)
2794PScript5.dll Version 5.2.2
2795Adobe PDF library 9.90
2796Adobe Illustrator CS5.1
2797#######################################################################################################################################
2798===============================================
2799-=Subfinder v1.1.3 github.com/subfinder/subfinder
2800===============================================
2801
2802
2803Running Source: Ask
2804Running Source: Archive.is
2805Running Source: Baidu
2806Running Source: Bing
2807Running Source: CertDB
2808Running Source: CertificateTransparency
2809Running Source: Certspotter
2810Running Source: Commoncrawl
2811Running Source: Crt.sh
2812Running Source: Dnsdb
2813Running Source: DNSDumpster
2814Running Source: DNSTable
2815Running Source: Dogpile
2816Running Source: Exalead
2817Running Source: Findsubdomains
2818Running Source: Googleter
2819Running Source: Hackertarget
2820Running Source: Ipv4Info
2821Running Source: PTRArchive
2822Running Source: Sitedossier
2823Running Source: Threatcrowd
2824Running Source: ThreatMiner
2825Running Source: WaybackArchive
2826Running Source: Yahoo
2827
2828Running enumeration on www.kyodo-senpaku.co.jp
2829
2830dnsdb: Unexpected return status 503
2831
2832ipv4info: <nil>
2833
2834waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.www.kyodo-senpaku.co.jp/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
2835
2836dogpile: Get https://www.dogpile.com/search/web?q=www.kyodo-senpaku.co.jp&qsi=1: EOF
2837
2838
2839Starting Bruteforcing of www.kyodo-senpaku.co.jp with 9985 words
2840
2841Total 1 Unique subdomains found for www.kyodo-senpaku.co.jp
2842
2843.www.kyodo-senpaku.co.jp
2844#######################################################################################################################################
2845
2846dig: '.www.kyodo-senpaku.co.jp' is not a legal name (empty label)
2847
2848SubOver v.1.2 Nizamul Rana (@Ice3man)
2849==================================================
2850
2851
2852[~] Enjoy your hunt !
2920#######################################################################################################################################
2921Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 11:56 EDT
2922Nmap scan report for www.kyodo-senpaku.co.jp (211.13.196.135)
2923Host is up (0.36s latency).
2924rDNS record for 211.13.196.135: sv3.isle.ne.jp
2925Not shown: 470 filtered ports, 4 closed ports
2926Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2927PORT STATE SERVICE
292880/tcp open http
2929443/tcp open https
2930
2931Nmap done: 1 IP address (1 host up) scanned in 210.22 seconds
2932#######################################################################################################################################
2933Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 11:59 EDT
2934Nmap scan report for www.kyodo-senpaku.co.jp (211.13.196.135)
2935Host is up (0.11s latency).
2936rDNS record for 211.13.196.135: sv3.isle.ne.jp
2937Not shown: 2 filtered ports
2938PORT STATE SERVICE
293953/udp open|filtered domain
294067/udp open|filtered dhcps
294168/udp open|filtered dhcpc
294269/udp open|filtered tftp
294388/udp open|filtered kerberos-sec
2944123/udp open|filtered ntp
2945139/udp open|filtered netbios-ssn
2946161/udp open|filtered snmp
2947162/udp open|filtered snmptrap
2948389/udp open|filtered ldap
2949520/udp open|filtered route
29502049/udp open|filtered nfs
2951
2952Nmap done: 1 IP address (1 host up) scanned in 2.27 seconds
2953#######################################################################################################################################
2954wig - WebApp Information Gatherer
2955
2956
2957Scanning http://www.kyodo-senpaku.co.jp...
2958_________________________________________ SITE INFO _________________________________________
2959IP Title
2960211.13.196.135 共同船舶株式会社|捕鯨と鯨肉販売のプロフェッショナル企業
2961
2962__________________________________________ VERSION __________________________________________
2963Name Versions Type
2964Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
2965 2.4.9
2966
2967_____________________________________________________________________________________________
2968Time: 74.2 sec Urls: 648 Fingerprints: 40401
2969#######################################################################################################################################
2970HTTP/1.1 200 OK
2971Date: Sat, 06 Jul 2019 16:01:19 GMT
2972Server: Apache
2973Last-Modified: Thu, 16 May 2019 01:55:00 GMT
2974ETag: "3339-588f78dbfa500"
2975Accept-Ranges: bytes
2976Content-Length: 13113
2977Content-Type: text/html
2978
2979HTTP/1.1 200 OK
2980Date: Sat, 06 Jul 2019 16:01:20 GMT
2981Server: Apache
2982Last-Modified: Thu, 16 May 2019 01:55:00 GMT
2983ETag: "3339-588f78dbfa500"
2984Accept-Ranges: bytes
2985Content-Length: 13113
2986Content-Type: text/html
2987
2988#######################################################################################################################################
2989Version: 1.11.13-static
2990OpenSSL 1.0.2-chacha (1.0.2g-dev)
2991
2992Connected to 211.13.196.135
2993
2994Testing SSL server www.kyodo-senpaku.co.jp on port 443 using SNI name www.kyodo-senpaku.co.jp
2995
2996 TLS Fallback SCSV:
2997Server supports TLS Fallback SCSV
2998
2999 TLS renegotiation:
3000Secure session renegotiation supported
3001
3002 TLS Compression:
3003Compression disabled
3004
3005 Heartbleed:
3006TLS 1.2 not vulnerable to heartbleed
3007TLS 1.1 not vulnerable to heartbleed
3008TLS 1.0 not vulnerable to heartbleed
3009
3010 Supported Server Cipher(s):
3011Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
3012Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
3013Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
3014Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
3015Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
3016Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
3017Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
3018Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
3019Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
3020Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
3021Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
3022Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
3023Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
3024Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
3025Accepted TLSv1.2 128 bits AES128-GCM-SHA256
3026Accepted TLSv1.2 256 bits AES256-GCM-SHA384
3027Accepted TLSv1.2 128 bits AES128-SHA256
3028Accepted TLSv1.2 256 bits AES256-SHA256
3029Accepted TLSv1.2 128 bits AES128-SHA
3030Accepted TLSv1.2 256 bits AES256-SHA
3031Accepted TLSv1.2 112 bits DES-CBC3-SHA
3032Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
3033Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
3034Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
3035Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
3036Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
3037Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
3038Accepted TLSv1.1 128 bits AES128-SHA
3039Accepted TLSv1.1 256 bits AES256-SHA
3040Accepted TLSv1.1 112 bits DES-CBC3-SHA
3041Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
3042Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
3043Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
3044Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
3045Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
3046Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
3047Accepted TLSv1.0 128 bits AES128-SHA
3048Accepted TLSv1.0 256 bits AES256-SHA
3049Accepted TLSv1.0 112 bits DES-CBC3-SHA
3050
3051 SSL Certificate:
3052Signature Algorithm: sha256WithRSAEncryption
3053RSA Key Strength: 2048
3054
3055Subject: sni.red.shared-server.net
3056Issuer: sni.red.shared-server.net
3057
3058Not valid before: Apr 10 02:09:25 2017 GMT
3059Not valid after: Apr 8 02:09:25 2027 GMT
3060#######################################################################################################################################
--------------------------------------------------------
<<<Yasuo discovered following vulnerable applications>>>
--------------------------------------------------------
+----------+--------------------------------+----------------------------------------------+----------+----------+
| App Name | URL to Application | Potential Exploit | Username | Password |
+----------+--------------------------------+----------------------------------------------+----------+----------+
| SVN | http://211.13.196.135:80/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
+----------+--------------------------------+----------------------------------------------+----------+----------+
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 14:01 EDT
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up (0.57s latency).
Not shown: 470 filtered ports, 4 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 192.68 seconds
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 14:04 EDT
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up (0.18s latency).
Not shown: 2 filtered ports
PORT STATE SERVICE
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 2.79 seconds
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 14:04 EDT
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up.

PORT STATE SERVICE VERSION
67/udp open|filtered dhcps
|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 173.19 ms 10.252.200.1
2 174.60 ms 213.184.122.97
3 177.26 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 177.30 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 240.47 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6 177.33 ms bzq-219-189-2.cablep.bezeqint.net (62.219.189.2)
7 242.87 ms bzq-179-124-78.cust.bezeqint.net (212.179.124.78)
8 243.00 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
9 337.33 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
10 371.35 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
11 509.25 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
12 ...
13 513.87 ms 245.143090232.odn.ne.jp (143.90.232.245)
14 513.82 ms STOrc-01Te0-0-0-5.nw.odn.ad.jp (143.90.47.17)
15 516.58 ms 143.90.161.54
16 487.04 ms 62.210252175.odn.ne.jp (210.252.175.62)
17 485.47 ms IKB-CORE-GR62-TG52.mex.ad.jp (210.155.142.126)
18 489.16 ms 210.155.132.27
19 549.02 ms IKB-CSTM-JEX15-XE-0-0-0.mex.ad.jp (210.155.137.179)
20 542.67 ms 210.155.133.232
21 ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 14:06 EDT
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up.

PORT STATE SERVICE VERSION
68/udp open|filtered dhcpc
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 199.88 ms 10.252.200.1
2 201.09 ms 213.184.122.97
3 251.45 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 251.47 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 308.60 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6 251.50 ms bzq-219-189-2.cablep.bezeqint.net (62.219.189.2)
7 314.17 ms bzq-179-124-78.cust.bezeqint.net (212.179.124.78)
8 316.61 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
9 371.73 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
10 418.01 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
11 512.54 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
12 ...
13 535.91 ms 245.143090232.odn.ne.jp (143.90.232.245)
14 538.79 ms STOrc-01Te0-0-0-5.nw.odn.ad.jp (143.90.47.17)
15 548.49 ms 143.90.161.54
16 554.85 ms 62.210252175.odn.ne.jp (210.252.175.62)
17 549.11 ms IKB-CORE-GR62-TG52.mex.ad.jp (210.155.142.126)
18 556.08 ms 210.155.132.27
19 536.11 ms IKB-CSTM-JEX15-XE-0-0-0.mex.ad.jp (210.155.137.179)
20 527.27 ms 210.155.133.232
21 ... 30

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 109.67 seconds
 + -- --=[Port 69 opened... running tests...
====================================================================================
 RUNNING NMAP SCRIPTS
====================================================================================
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 14:07 EDT
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up.

PORT STATE SERVICE VERSION
69/udp open|filtered tftp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 201.44 ms 10.252.200.1
2 202.80 ms 213.184.122.97
3 235.26 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 235.50 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 309.49 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6 235.72 ms bzq-219-189-2.cablep.bezeqint.net (62.219.189.2)
7 313.66 ms bzq-179-124-78.cust.bezeqint.net (212.179.124.78)
8 315.67 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
9 372.50 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
10 410.34 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
11 515.70 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
12 ...
13 509.03 ms 245.143090232.odn.ne.jp (143.90.232.245)
14 509.98 ms STOrc-01Te0-0-0-5.nw.odn.ad.jp (143.90.47.17)
15 517.17 ms 143.90.161.54
16 509.67 ms 62.210252175.odn.ne.jp (210.252.175.62)
17 509.26 ms IKB-CORE-GR62-TG52.mex.ad.jp (210.155.142.126)
18 511.99 ms 210.155.132.27
19 523.74 ms IKB-CSTM-JEX15-XE-0-0-0.mex.ad.jp (210.155.137.179)
20 497.18 ms 210.155.133.232
21 ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 14:10 EDT
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up.

PORT STATE SERVICE VERSION
80/tcp filtered http
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 170.84 ms 10.252.200.1
2 172.02 ms 213.184.122.97
3 171.02 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 172.27 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 232.13 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6 171.67 ms bzq-219-189-2.cablep.bezeqint.net (62.219.189.2)
7 237.12 ms bzq-179-124-78.cust.bezeqint.net (212.179.124.78)
8 239.15 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
9 310.00 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
10 389.91 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
11 527.58 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
12 ...
13 534.35 ms 245.143090232.odn.ne.jp (143.90.232.245)
14 535.87 ms STOrc-01Te0-0-0-5.nw.odn.ad.jp (143.90.47.17)
15 543.26 ms 143.90.161.54
16 545.19 ms 62.210252175.odn.ne.jp (210.252.175.62)
17 543.05 ms IKB-CORE-GR62-TG52.mex.ad.jp (210.155.142.126)
18 547.40 ms 210.155.132.27
19 556.11 ms IKB-CSTM-JEX15-XE-0-0-0.mex.ad.jp (210.155.137.179)
20 546.16 ms 210.155.133.232
21 ... 30
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://211.13.196.135...
________________________________________ SITE INFO _________________________________________
IP Title
211.13.196.135

_________________________________________ VERSION __________________________________________
Name Versions Type
Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
 2.4.9

____________________________________________________________________________________________
Time: 0.7 sec Urls: 599 Fingerprints: 40401
#######################################################################################################################################
HTTP/1.1 200 OK
Date: Sat, 06 Jul 2019 18:10:33 GMT
Server: Apache
Last-Modified: Thu, 27 Jun 2019 10:14:54 GMT
ETag: "7c-58c4b6ee4469d"
Accept-Ranges: bytes
Content-Length: 124
Content-Type: text/html

HTTP/1.1 200 OK
Date: Sat, 06 Jul 2019 18:10:34 GMT
Server: Apache
Last-Modified: Thu, 27 Jun 2019 10:14:54 GMT
ETag: "7c-58c4b6ee4469d"
Accept-Ranges: bytes
Content-Length: 124
Content-Type: text/html

Allow: GET,POST,OPTIONS,HEAD
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 14:10 EDT
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up.

PORT STATE SERVICE VERSION
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 178.19 ms 10.252.200.1
2 179.05 ms 213.184.122.97
3 178.26 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 178.29 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 238.50 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6 178.33 ms bzq-219-189-2.cablep.bezeqint.net (62.219.189.2)
7 243.49 ms bzq-179-124-78.cust.bezeqint.net (212.179.124.78)
8 247.68 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
9 317.31 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
10 363.78 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
11 477.84 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
12 ...
13 479.94 ms 245.143090232.odn.ne.jp (143.90.232.245)
14 483.53 ms STOrc-01Te0-0-0-5.nw.odn.ad.jp (143.90.47.17)
15 490.35 ms 143.90.161.54
16 474.74 ms 62.210252175.odn.ne.jp (210.252.175.62)
17 475.75 ms IKB-CORE-GR62-TG52.mex.ad.jp (210.155.142.126)
18 479.31 ms 210.155.132.27
19 488.01 ms IKB-CSTM-JEX15-XE-0-0-0.mex.ad.jp (210.155.137.179)
20 472.81 ms 210.155.133.232
21 ... 30

#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 211.13.196.135

Testing SSL server 211.13.196.135 on port 443 using SNI name 211.13.196.135

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Secure session renegotiation supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: sni.red.shared-server.net
Issuer: sni.red.shared-server.net

Not valid before: Apr 10 02:09:25 2017 GMT
Not valid after: Apr 8 02:09:25 2027 GMT

#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 14:21 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:21
Completed NSE at 14:21, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:21
Completed NSE at 14:21, 0.00s elapsed
Initiating Ping Scan at 14:21
Scanning 211.13.196.135 [4 ports]
Completed Ping Scan at 14:21, 0.51s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:21
Completed Parallel DNS resolution of 1 host. at 14:21, 0.03s elapsed
Initiating Connect Scan at 14:21
Scanning sv3.isle.ne.jp (211.13.196.135) [65535 ports]
Discovered open port 80/tcp on 211.13.196.135
Discovered open port 443/tcp on 211.13.196.135
Completed Connect Scan at 14:30, 538.35s elapsed (65535 total ports)
Initiating Service scan at 14:30
Scanning 2 services on sv3.isle.ne.jp (211.13.196.135)
Completed Service scan at 14:31, 14.92s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against sv3.isle.ne.jp (211.13.196.135)
Retrying OS detection (try #2) against sv3.isle.ne.jp (211.13.196.135)
Initiating Traceroute at 14:31
Completed Traceroute at 14:31, 6.19s elapsed
Initiating Parallel DNS resolution of 19 hosts. at 14:31
Completed Parallel DNS resolution of 19 hosts. at 14:31, 0.61s elapsed
NSE: Script scanning 211.13.196.135.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:31
NSE Timing: About 98.86% done; ETC: 14:32 (0:00:00 remaining)
Completed NSE at 14:32, 34.90s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:32
Completed NSE at 14:32, 0.00s elapsed
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up, received syn-ack ttl 40 (0.39s latency).
Scanned at 2019-07-06 14:21:59 EDT for 606s
Not shown: 65529 filtered ports
Reason: 65529 no-responses
PORT STATE SERVICE REASON VERSION
25/tcp closed smtp conn-refused
80/tcp open http syn-ack Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
3617| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
3618| [123197] Apache Sentry up to 2.0.0 privilege escalation
3619| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
3620| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
3621| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
3622| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
3623| [122800] Apache Spark 1.3.0 REST API weak authentication
3624| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
3625| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
3626| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
3627| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
3628| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
3629| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
3630| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
3631| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
3632| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
3633| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
3634| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
3635| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
3636| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
3637| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
3638| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
3639| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
3640| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
3641| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
3642| [121354] Apache CouchDB HTTP API Code Execution
3643| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
3644| [121143] Apache storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
3645| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
3646| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
3647| [120168] Apache CXF weak authentication
3648| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
3649| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
3650| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
3651| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
3652| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
3653| [119306] Apache MXNet Network Interface privilege escalation
3654| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
3655| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
3656| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
3657| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
3658| [118143] Apache NiFi activemq-client Library Deserialization denial of service
3659| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
3660| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
3661| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
3662| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
3663| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
3664| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
3665| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
3666| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
3667| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
3668| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
3669| [117115] Apache Tika up to 1.17 tika-server command injection
3670| [116929] Apache Fineract getReportType Parameter privilege escalation
3671| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
3672| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
3673| [116926] Apache Fineract REST Hand Parameter privilege escalation
3674| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
3675| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
3676| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
3677| [115883] Apache Hive up to 2.3.2 privilege escalation
3678| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
3679| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
3680| [115518] Apache Ignite 2.3 Deserialization privilege escalation
3681| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
3682| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
3683| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
3684| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
3685| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
3686| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
3687| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
3688| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
3689| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
3690| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
3691| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
3692| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
3693| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
3694| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
3695| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
3696| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
3697| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
3698| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
3699| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
3700| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
3701| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
3702| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
3703| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
3704| [113895] Apache Geode up to 1.3.x Code Execution
3705| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
3706| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
3707| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
3708| [113747] Apache Tomcat Servlets privilege escalation
3709| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
3710| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
3711| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
3712| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
3713| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
3714| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
3715| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
3716| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
3717| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
3718| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
3719| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
3720| [112885] Apache Allura up to 1.8.0 File information disclosure
3721| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
3722| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
3723| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
3724| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
3725| [112625] Apache POI up to 3.16 Loop denial of service
3726| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
3727| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
3728| [112339] Apache NiFi 1.5.0 Header privilege escalation
3729| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
3730| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
3731| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
3732| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
3733| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
3734| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
3735| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
3736| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
3737| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
3738| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
3739| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
3740| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
3741| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
3742| [112114] Oracle 9.1 Apache Log4j privilege escalation
3743| [112113] Oracle 9.1 Apache Log4j privilege escalation
3744| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
3745| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
3746| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
3747| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
3748| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
3749| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
3750| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
3751| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
3752| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
3753| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
3754| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
3755| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
3756| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
3757| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
3758| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
3759| [110701] Apache Fineract Query Parameter sql injection
3760| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
3761| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
3762| [110393] Apple macOS up to 10.13.2 apache information disclosure
3763| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
3764| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
3765| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
3766| [110106] Apache CXF Fediz Spring cross site request forgery
3767| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
3768| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
3769| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
3770| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
3771| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
3772| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
3773| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
3774| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
3775| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
3776| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
3777| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
3778| [108938] Apple macOS up to 10.13.1 apache denial of service
3779| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
3780| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
3781| [108935] Apple macOS up to 10.13.1 apache denial of service
3782| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
3783| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
3784| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
3785| [108931] Apple macOS up to 10.13.1 apache denial of service
3786| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
3787| [108929] Apple macOS up to 10.13.1 apache denial of service
3788| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
3789| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
3790| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
3791| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
3792| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
3793| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
3794| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
3795| [108790] Apache storm 0.9.0.1 Log Viewer directory traversal
3796| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
3797| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
3798| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
3799| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
3800| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
3801| [108782] Apache Xerces2 XML Service denial of service
3802| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
3803| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
3804| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
3805| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
3806| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
3807| [108629] Apache OFBiz up to 10.04.01 privilege escalation
3808| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
3809| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
3810| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
3811| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
3812| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
3813| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
3814| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
3815| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
3816| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
3817| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
3818| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
3819| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
3820| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
3821| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
3822| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
3823| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
3824| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
3825| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
3826| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
3827| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
3828| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
3829| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
3830| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
3831| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
3832| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
3833| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
3834| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
3835| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
3836| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
3837| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
3838| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
3839| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
3840| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
3841| [107639] Apache NiFi 1.4.0 XML External Entity
3842| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
3843| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
3844| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
3845| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
3846| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
3847| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
3848| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
3849| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
3850| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
3851| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
3852| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
3853| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
3854| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
3855| [107197] Apache Xerces Jelly Parser XML File XML External Entity
3856| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
3857| [107084] Apache Struts up to 2.3.19 cross site scripting
3858| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
3859| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
3860| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
3861| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
3862| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
3863| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
3864| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
3865| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
3866| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
3867| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
3868| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
3869| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
3870| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
3871| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
3872| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
3873| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
3874| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
3875| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
3876| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
3877| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
3878| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
3879| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
3880| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
3881| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
3882| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
3883| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
3884| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
3885| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
3886| [105878] Apache Struts up to 2.3.24.0 privilege escalation
3887| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
3888| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
3889| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
3890| [105643] Apache Pony Mail up to 0.8b weak authentication
3891| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
3892| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
3893| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
3894| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
3895| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
3896| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
3897| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
3898| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
3899| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
3900| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
3901| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
3902| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
3903| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
3904| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
3905| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
3906| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
3907| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
3908| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
3909| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
3910| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
3911| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
3912| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
3913| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
3914| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
3915| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
3916| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
3917| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
3918| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
3919| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
3920| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
3921| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
3922| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
3923| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
3924| [103690] Apache OpenMeetings 1.0.0 sql injection
3925| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
3926| [103688] Apache OpenMeetings 1.0.0 weak encryption
3927| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
3928| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
3929| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
3930| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
3931| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
3932| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
3933| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
3934| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
3935| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
3936| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
3937| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
3938| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
3939| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
3940| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
3941| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
3942| [103352] Apache Solr Node weak authentication
3943| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
3944| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
3945| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
3946| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
3947| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
3948| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
3949| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
3950| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
3951| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
3952| [102536] Apache Ranger up to 0.6 Stored cross site scripting
3953| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
3954| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
3955| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
3956| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
3957| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
3958| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
3959| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
3960| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
3961| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
3962| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
3963| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
3964| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
3965| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
3966| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
3967| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
3968| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
3969| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
3970| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
3971| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
3972| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
3973| [99937] Apache Batik up to 1.8 privilege escalation
3974| [99936] Apache FOP up to 2.1 privilege escalation
3975| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
3976| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
3977| [99930] Apache Traffic Server up to 6.2.0 denial of service
3978| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
3979| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
3980| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
3981| [117569] Apache Hadoop up to 2.7.3 privilege escalation
3982| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
3983| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
3984| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
3985| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
3986| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
3987| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
3988| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
3989| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
3990| [99014] Apache Camel Jackson/JacksonXML privilege escalation
3991| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
3992| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
3993| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
3994| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
3995| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
3996| [98605] Apple macOS up to 10.12.3 Apache denial of service
3997| [98604] Apple macOS up to 10.12.3 Apache denial of service
3998| [98603] Apple macOS up to 10.12.3 Apache denial of service
3999| [98602] Apple macOS up to 10.12.3 Apache denial of service
4000| [98601] Apple macOS up to 10.12.3 Apache denial of service
4001| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
4002| [98405] Apache Hadoop up to 0.23.10 privilege escalation
4003| [98199] Apache Camel Validation XML External Entity
4004| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
4005| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
4006| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
4007| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
4008| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
4009| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
4010| [97081] Apache Tomcat HTTPS Request denial of service
4011| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
4012| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
4013| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
4014| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
4015| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
4016| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
4017| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
4018| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
4019| [95311] Apache storm UI Daemon privilege escalation
4020| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
4021| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
4022| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
4023| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
4024| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
4025| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
4026| [94540] Apache Tika 1.9 tika-server File information disclosure
4027| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
4028| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
4029| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
4030| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
4031| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
4032| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
4033| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
4034| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
4035| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
4036| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
4037| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
4038| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
4039| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
4040| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
4041| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
4042| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
4043| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
4044| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
4045| [93532] Apache Commons Collections Library Java privilege escalation
4046| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
4047| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
4048| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
4049| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
4050| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
4051| [93098] Apache Commons FileUpload privilege escalation
4052| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
4053| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
4054| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
4055| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
4056| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
4057| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
4058| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
4059| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
4060| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
4061| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
4062| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
4063| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
4064| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
4065| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
4066| [92549] Apache Tomcat on Red Hat privilege escalation
4067| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
4068| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
4069| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
4070| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
4071| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
4072| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
4073| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
4074| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
4075| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
4076| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
4077| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
4078| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
4079| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
4080| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
4081| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
4082| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
4083| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
4084| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
4085| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
4086| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
4087| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
4088| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
4089| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
4090| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
4091| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
4092| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
4093| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
4094| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
4095| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
4096| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
4097| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
4098| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
4099| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
4100| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
4101| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
4102| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
4103| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
4104| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
4105| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
4106| [90263] Apache Archiva Header denial of service
4107| [90262] Apache Archiva Deserialize privilege escalation
4108| [90261] Apache Archiva XML DTD Connection privilege escalation
4109| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
4110| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
4111| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
4112| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
4113| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
4114| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
4115| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
4116| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
4117| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
4118| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
4119| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
4120| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
4121| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
4122| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
4123| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
4124| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
4125| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
4126| [87765] Apache James Server 2.3.2 Command privilege escalation
4127| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
4128| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
4129| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
4130| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
4131| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
4132| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
4133| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
4134| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
4135| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
4136| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
4137| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
4138| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
4139| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
4140| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
4141| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
4142| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
4143| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
4144| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
4145| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
4146| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
4147| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
4148| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
4149| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
4150| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
4151| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
4152| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
4153| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
4154| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
4155| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
4156| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
4157| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
4158| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
4159| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
4160| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
4161| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
4162| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
4163| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
4164| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
4165| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
4166| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
4167| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
4168| [82076] Apache Ranger up to 0.5.1 privilege escalation
4169| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
4170| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
4171| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
4172| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
4173| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
4174| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
4175| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
4176| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
4177| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
4178| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
4179| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
4180| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
4181| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
4182| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
4183| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
4184| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
4185| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
4186| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
4187| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
4188| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
4189| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
4190| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
4191| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
4192| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
4193| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
4194| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
4195| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
4196| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
4197| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
4198| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
4199| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
4200| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
4201| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
4202| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
4203| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
4204| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
4205| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
4206| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
4207| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
4208| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
4209| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
4210| [79791] Cisco Products Apache Commons Collections Library privilege escalation
4211| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
4212| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
4213| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
4214| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
4215| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
4216| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
4217| [78989] Apache Ambari up to 2.1.1 Open Redirect
4218| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
4219| [78987] Apache Ambari up to 2.0.x cross site scripting
4220| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
4221| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
4222| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
4223| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4224| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4225| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4226| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4227| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4228| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
4229| [77406] Apache Flex BlazeDS AMF Message XML External Entity
4230| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
4231| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
4232| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
4233| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
4234| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
4235| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
4236| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
4237| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
4238| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
4239| [76567] Apache Struts 2.3.20 unknown vulnerability
4240| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
4241| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
4242| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
4243| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
4244| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
4245| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
4246| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
4247| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
4248| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
4249| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
4250| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
4251| [74793] Apache Tomcat File Upload denial of service
4252| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
4253| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
4254| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
4255| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
4256| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
4257| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
4258| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
4259| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
4260| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
4261| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
4262| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
4263| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
4264| [74468] Apache Batik up to 1.6 denial of service
4265| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
4266| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
4267| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
4268| [74174] Apache WSS4J up to 2.0.0 privilege escalation
4269| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
4270| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
4271| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
4272| [73731] Apache XML Security unknown vulnerability
4273| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
4274| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
4275| [73593] Apache Traffic Server up to 5.1.0 denial of service
4276| [73511] Apache POI up to 3.10 Deadlock denial of service
4277| [73510] Apache Solr up to 4.3.0 cross site scripting
4278| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
4279| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
4280| [73173] Apache CloudStack Stack-Based unknown vulnerability
4281| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
4282| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
4283| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
4284| [72890] Apache Qpid 0.30 unknown vulnerability
4285| [72887] Apache Hive 0.13.0 File Permission privilege escalation
4286| [72878] Apache Cordova 3.5.0 cross site request forgery
4287| [72877] Apache Cordova 3.5.0 cross site request forgery
4288| [72876] Apache Cordova 3.5.0 cross site request forgery
4289| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
4290| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
4291| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
4292| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
4293| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
4294| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
4295| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
4296| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
4297| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
4298| [71629] Apache Axis2/C spoofing
4299| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
4300| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
4301| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
4302| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
4303| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
4304| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
4305| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
4306| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
4307| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
4308| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
4309| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
4310| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
4311| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
4312| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
4313| [70809] Apache POI up to 3.11 Crash denial of service
4314| [70808] Apache POI up to 3.10 unknown vulnerability
4315| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
4316| [70749] Apache Axis up to 1.4 getCN spoofing
4317| [70701] Apache Traffic Server up to 3.3.5 denial of service
4318| [70700] Apache OFBiz up to 12.04.03 cross site scripting
4319| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
4320| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
4321| [70661] Apache Subversion up to 1.6.17 denial of service
4322| [70660] Apache Subversion up to 1.6.17 spoofing
4323| [70659] Apache Subversion up to 1.6.17 spoofing
4324| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
4325| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
4326| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
4327| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
4328| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
4329| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
4330| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
4331| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
4332| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
4333| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
4334| [69846] Apache HBase up to 0.94.8 information disclosure
4335| [69783] Apache CouchDB up to 1.2.0 memory corruption
4336| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
4337| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
4338| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
4339| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
4340| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
4341| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
4342| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
4343| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
4344| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
4345| [69431] Apache Archiva up to 1.3.6 cross site scripting
4346| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
4347| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
4348| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
4349| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
4350| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
4351| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
4352| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
4353| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
4354| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
4355| [66739] Apache Camel up to 2.12.2 unknown vulnerability
4356| [66738] Apache Camel up to 2.12.2 unknown vulnerability
4357| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
4358| [66695] Apache CouchDB up to 1.2.0 cross site scripting
4359| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
4360| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
4361| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
4362| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
4363| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
4364| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
4365| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
4366| [66356] Apache Wicket up to 6.8.0 information disclosure
4367| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
4368| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
4369| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
4370| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
4371| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
4372| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
4373| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
4374| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
4375| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
4376| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
4377| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
4378| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
4379| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
4380| [65668] Apache Solr 4.0.0 Updater denial of service
4381| [65665] Apache Solr up to 4.3.0 denial of service
4382| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
4383| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
4384| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
4385| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
4386| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
4387| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
4388| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
4389| [65410] Apache Struts 2.3.15.3 cross site scripting
4390| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
4391| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
4392| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
4393| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
4394| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
4395| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
4396| [65340] Apache Shindig 2.5.0 information disclosure
4397| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
4398| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
4399| [10826] Apache Struts 2 File privilege escalation
4400| [65204] Apache Camel up to 2.10.1 unknown vulnerability
4401| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
4402| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
4403| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
4404| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
4405| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
4406| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
4407| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
4408| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
4409| [64722] Apache XML Security for C++ Heap-based memory corruption
4410| [64719] Apache XML Security for C++ Heap-based memory corruption
4411| [64718] Apache XML Security for C++ verify denial of service
4412| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
4413| [64716] Apache XML Security for C++ spoofing
4414| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
4415| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
4416| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
4417| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
4418| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
4419| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
4420| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
4421| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
4422| [64485] Apache Struts up to 2.2.3.0 privilege escalation
4423| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
4424| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
4425| [64467] Apache Geronimo 3.0 memory corruption
4426| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
4427| [64457] Apache Struts up to 2.2.3.0 cross site scripting
4428| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
4429| [9184] Apache Qpid up to 0.20 SSL misconfiguration
4430| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
4431| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
4432| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
4433| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
4434| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
4435| [8873] Apache Struts 2.3.14 privilege escalation
4436| [8872] Apache Struts 2.3.14 privilege escalation
4437| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
4438| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
4439| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
4440| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
4441| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
4442| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
4443| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
4444| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
4445| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
4446| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
4447| [64006] Apache ActiveMQ up to 5.7.0 denial of service
4448| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
4449| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
4450| [8427] Apache Tomcat Session Transaction weak authentication
4451| [63960] Apache Maven 3.0.4 Default Configuration spoofing
4452| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
4453| [63750] Apache qpid up to 0.20 checkAvailable denial of service
4454| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
4455| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
4456| [63747] Apache Rave up to 0.20 User Account information disclosure
4457| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
4458| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
4459| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
4460| [7687] Apache CXF up to 2.7.2 Token weak authentication
4461| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
4462| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
4463| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
4464| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
4465| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
4466| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
4467| [63090] Apache Tomcat up to 4.1.24 denial of service
4468| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
4469| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
4470| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
4471| [62833] Apache CXF -/2.6.0 spoofing
4472| [62832] Apache Axis2 up to 1.6.2 spoofing
4473| [62831] Apache Axis up to 1.4 Java Message Service spoofing
4474| [62830] Apache Commons-httpclient 3.0 Payments spoofing
4475| [62826] Apache Libcloud up to 0.11.0 spoofing
4476| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
4477| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
4478| [62661] Apache Axis2 unknown vulnerability
4479| [62658] Apache Axis2 unknown vulnerability
4480| [62467] Apache Qpid up to 0.17 denial of service
4481| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
4482| [6301] Apache HTTP Server mod_pagespeed cross site scripting
4483| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
4484| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
4485| [62035] Apache Struts up to 2.3.4 denial of service
4486| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
4487| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
4488| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
4489| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
4490| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
4491| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
4492| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
4493| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
4494| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
4495| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
4496| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
4497| [61229] Apache Sling up to 2.1.1 denial of service
4498| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
4499| [61094] Apache Roller up to 5.0 cross site scripting
4500| [61093] Apache Roller up to 5.0 cross site request forgery
4501| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
4502| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
4503| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
4504| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
4505| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
4506| [60708] Apache Qpid 0.12 unknown vulnerability
4507| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
4508| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
4509| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
4510| [4882] Apache Wicket up to 1.5.4 directory traversal
4511| [4881] Apache Wicket up to 1.4.19 cross site scripting
4512| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
4513| [60352] Apache Struts up to 2.2.3 memory corruption
4514| [60153] Apache Portable Runtime up to 1.4.3 denial of service
4515| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
4516| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
4517| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
4518| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
4519| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
4520| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
4521| [4571] Apache Struts up to 2.3.1.2 privilege escalation
4522| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
4523| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
4524| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
4525| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
4526| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
4527| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
4528| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
4529| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
4530| [59888] Apache Tomcat up to 6.0.6 denial of service
4531| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
4532| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
4533| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
4534| [59850] Apache Geronimo up to 2.2.1 denial of service
4535| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
4536| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
4537| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
4538| [58413] Apache Tomcat up to 6.0.10 spoofing
4539| [58381] Apache Wicket up to 1.4.17 cross site scripting
4540| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
4541| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
4542| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
4543| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
4544| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
4545| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
4546| [57568] Apache Archiva up to 1.3.4 cross site scripting
4547| [57567] Apache Archiva up to 1.3.4 cross site request forgery
4548| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
4549| [4355] Apache HTTP Server APR apr_fnmatch denial of service
4550| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
4551| [57425] Apache Struts up to 2.2.1.1 cross site scripting
4552| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
4553| [57025] Apache Tomcat up to 7.0.11 information disclosure
4554| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
4555| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
4556| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
4557| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
4558| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
4559| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
4560| [56512] Apache Continuum up to 1.4.0 cross site scripting
4561| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
4562| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
4563| [4283] Apache Tomcat 5.x ServletContect privilege escalation
4564| [56441] Apache Tomcat up to 7.0.6 denial of service
4565| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
4566| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
4567| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
4568| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
4569| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
4570| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
4571| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
4572| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
4573| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
4574| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
4575| [54693] Apache Traffic Server DNS Cache unknown vulnerability
4576| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
4577| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
4578| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
4579| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
4580| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
4581| [54012] Apache Tomcat up to 6.0.10 denial of service
4582| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
4583| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
4584| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
4585| [52894] Apache Tomcat up to 6.0.7 information disclosure
4586| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
4587| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
4588| [52786] Apache Open For Business Project up to 09.04 cross site scripting
4589| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
4590| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
4591| [52584] Apache CouchDB up to 0.10.1 information disclosure
4592| [51757] Apache HTTP Server 2.0.44 cross site scripting
4593| [51756] Apache HTTP Server 2.0.44 spoofing
4594| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
4595| [51690] Apache Tomcat up to 6.0 directory traversal
4596| [51689] Apache Tomcat up to 6.0 information disclosure
4597| [51688] Apache Tomcat up to 6.0 directory traversal
4598| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
4599| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
4600| [50626] Apache Solr 1.0.0 cross site scripting
4601| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
4602| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
4603| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
4604| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
4605| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
4606| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
4607| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
4608| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
4609| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
4610| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
4611| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
4612| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
4613| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
4614| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
4615| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
4616| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
4617| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
4618| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
4619| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
4620| [47214] Apachefriends xampp 1.6.8 spoofing
4621| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
4622| [47162] Apachefriends XAMPP 1.4.4 weak authentication
4623| [47065] Apache Tomcat 4.1.23 cross site scripting
4624| [46834] Apache Tomcat up to 5.5.20 cross site scripting
4625| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
4626| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
4627| [86625] Apache Struts directory traversal
4628| [44461] Apache Tomcat up to 5.5.0 information disclosure
4629| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
4630| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
4631| [43663] Apache Tomcat up to 6.0.16 directory traversal
4632| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
4633| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
4634| [43516] Apache Tomcat up to 4.1.20 directory traversal
4635| [43509] Apache Tomcat up to 6.0.13 cross site scripting
4636| [42637] Apache Tomcat up to 6.0.16 cross site scripting
4637| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
4638| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
4639| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
4640| [40924] Apache Tomcat up to 6.0.15 information disclosure
4641| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
4642| [40922] Apache Tomcat up to 6.0 information disclosure
4643| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
4644| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
4645| [40656] Apache Tomcat 5.5.20 information disclosure
4646| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
4647| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
4648| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
4649| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
4650| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
4651| [40234] Apache Tomcat up to 6.0.15 directory traversal
4652| [40221] Apache HTTP Server 2.2.6 information disclosure
4653| [40027] David Castro Apache Authcas 0.4 sql injection
4654| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
4655| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
4656| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
4657| [39489] Apache Jakarta Slide up to 2.1 directory traversal
4658| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
4659| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
4660| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
4661| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
4662| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
4663| [38524] Apache Geronimo 2.0 unknown vulnerability
4664| [3256] Apache Tomcat up to 6.0.13 cross site scripting
4665| [38331] Apache Tomcat 4.1.24 information disclosure
4666| [38330] Apache Tomcat 4.1.24 information disclosure
4667| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
4668| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
4669| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
4670| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
4671| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
4672| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
4673| [37292] Apache Tomcat up to 5.5.1 cross site scripting
4674| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
4675| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
4676| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
4677| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
4678| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
4679| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
4680| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
4681| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
4682| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
4683| [36225] XAMPP Apache Distribution 1.6.0a sql injection
4684| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
4685| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
4686| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
4687| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
4688| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
4689| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
4690| [34252] Apache HTTP Server denial of service
4691| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
4692| [33877] Apache Opentaps 0.9.3 cross site scripting
4693| [33876] Apache Open For Business Project unknown vulnerability
4694| [33875] Apache Open For Business Project cross site scripting
4695| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
4696| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
4697| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
4698| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
4699| [31663] vbPortal Apache HTTP Server index.php directory traversal
4700| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
4701| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
4702| [30623] Apache James 2.2.0 SMTP Server denial of service
4703| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
4704#######################################################################################################################################
4705| MITRE CVE - https://cve.mitre.org:
4706| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
4707| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
4708| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
4709| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
4710| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
4711| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
4712| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
4713| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
4714| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
4715| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
4716| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
4717| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
4718| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
4719| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
4720| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
4721| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
4722| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
4723| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
4724| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
4725| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
4726| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
4727| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
4728| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
4729| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
4730| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
4731| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
4732| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
4733| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
4734| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
4735| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
4736| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4737| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
4738| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
4739| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
4740| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
4741| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
4742| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
4743| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
4744| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
4745| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
4746| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
4747| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4748| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4749| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4750| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4751| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
4752| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
4753| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
4754| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
4755| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
4756| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
4757| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
4758| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
4759| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
4760| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
4761| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
4762| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
4763| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
4764| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
4765| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
4766| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
4767| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
4768| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
4769| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
4770| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4771| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
4772| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
4773| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
4774| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
4775| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
4776| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
4777| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
4778| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
4779| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
4780| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
4781| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
4782| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
4783| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
4784| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
4785| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
4786| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
4787| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
4788| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
4789| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
4790| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
4791| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
4792| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
4793| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
4794| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
4795| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
4796| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
4797| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
4798| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
4799| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
4800| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
4801| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
4802| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
4803| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
4804| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
4805| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
4806| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
4807| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
4808| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
4809| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
4810| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
4811| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
4812| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
4813| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
4814| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
4815| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
4816| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
4817| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
4818| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
4819| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
4820| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
4821| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
4822| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
4823| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
4824| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
4825| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
4826| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
4827| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
4828| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
4829| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
4830| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
4831| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
4832| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
4833| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
4834| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
4835| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
4836| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
4837| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
4838| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
4839| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
4840| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
4841| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
4842| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
4843| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
4844| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
4845| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
4846| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
4847| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
4848| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
4849| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
4850| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
4851| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
4852| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
4853| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
4854| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
4855| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
4856| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
4857| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
4858| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
4859| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
4860| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
4861| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
4862| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
4863| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
4864| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
4865| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
4866| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
4867| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
4868| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
4869| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4870| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
4871| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
4872| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
4873| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
4874| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
4875| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
4876| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
4877| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
4878| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
4879| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
4880| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
4881| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
4882| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
4883| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
4884| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
4885| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4886| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
4887| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
4888| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
4889| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
4890| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
4891| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
4892| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
4893| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
4894| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
4895| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
4896| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
4897| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
4898| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
4899| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
4900| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
4901| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
4902| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
4903| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
4904| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
4905| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
4906| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
4907| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
4908| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
4909| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
5015| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
5016| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
5017| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
5018| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
5019| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
5020| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
5021| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
5022| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
5023| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
5024| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
5025| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5026| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
5027| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
5028| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
5029| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
5030| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
5031| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
5032| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
5033| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
5034| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
5035| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
5036| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
5037| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
5038| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
5039| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
5040| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
5041| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
5042| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
5043| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
5044| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
5045| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
5046| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
5047| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
5048| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
5049| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
5050| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
5051| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
5052| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
5053| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
5054| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
5055| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
5056| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
5057| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
5058| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5059| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
5060| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
5061| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
5062| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
5063| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
5064| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
5065| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
5066| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
5067| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
5068| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
5069| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
5070| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
5071| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
5072| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5073| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5074| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
5075| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
5076| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
5077| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
5078| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
5079| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
5080| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
5081| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5082| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
5083| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5084| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
5085| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
5086| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
5087| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5088| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
5089| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5090| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
5091| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
5092| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5093| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
5094| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
5095| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
5096| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
5097| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
5098| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
5099| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
5100| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
5101| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5102| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
5103| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
5104| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
5105| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
5106| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
5107| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
5108| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
5109| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
5110| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
5111| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
5112| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
5113| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
5114| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
5115| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
5116| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
5117| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
5118| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
5119| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
5120| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
5121| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
5122| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
5123| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5124| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5125| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
5126| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
5127| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
5128| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
5129| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
5130| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
5131| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
5132| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
5133| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
5134| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
5135| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
5136| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
5137| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
5138| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
5139| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
5140| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
5141| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
5142| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
5143| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
5144| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
5145| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
5146| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
5147| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
5148| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
5149| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
5150| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
5151| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
5152| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
5153| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
5154| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
5155| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
5156| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
5157| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
5158| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
5159| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
5160| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
5161| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
5162| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
5163| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
5164| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
5165| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
5166| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
5167| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
5168| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
5169| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
5170| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
5171| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
5172| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
5173| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
5174| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
5175| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
5176| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
5177| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
5178| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
5179| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
5180| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
5181| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
5182| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
5183| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
5184| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
5185| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
5186| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
5187| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
5188| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
5189| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
5190| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
5191| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
5192| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
5193| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
5194| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
5195| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
5196| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
5197| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
5198| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
5199| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
5200| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
5201| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
5202| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
5203| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
5204| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
5205| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
5206| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
5207| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
5208| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
5209| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
5210| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
5211| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
5212| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
5213| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
5214| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
5215| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
5216| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
5217| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
5218| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
5219| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
5220| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
5221| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
5222| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
5223| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
5224| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
5225| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
5226| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
5227| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
5228| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
5229| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
5230| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
5231| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
5232| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
5233| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
5234| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
5235| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
5236| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
5237| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
5238| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
5239| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
5240| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
5241| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
5242| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
5243| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
5244| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
5245| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
5246| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
5247| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
5248| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
5249| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
5250| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
5251| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
5252| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
5253| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
5254| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
5255| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
5256| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
5257| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
5258| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
5259| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
5260| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
5261| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
5262| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
5263| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
5264| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
5265| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
5266| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
5267| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
5268| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
5269| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
5270| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
5271| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
5272| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
5273| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
5274| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
5275| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
5276| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
5277| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
5278| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
5279| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
5280| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
5281| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
5282| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
5283| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
5284| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
5285| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
5286| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
5287| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
5288| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
5289| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
5290| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
5291| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
5292| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
5293| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
5294| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
5295| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
5296| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
5297| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
5298| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
5299| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
5300| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
5301| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
5302| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
5303| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
5304| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
5305| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
5306| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
5307| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
5308| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
5309| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
5310| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
5311| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
5312| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
5313| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
5314| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
5315#######################################################################################################################################
5316| SecurityFocus - https://www.securityfocus.com/bid/:
5317| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
5318| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
5319| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
5320| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
5321| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
5322| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
5323| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
5324| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
5325| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
5326| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
5327| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
5328| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
5329| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
5330| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
5331| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
5332| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
5333| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
5334| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
5335| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
5336| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
5337| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
5338| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
5339| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
5340| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
5341| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
5342| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
5343| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
5344| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
5345| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
5346| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
5347| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
5348| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
5349| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
5350| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
5351| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
5352| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
5353| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
5354| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
5355| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
5356| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
5357| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
5358| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
5359| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
5360| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
5361| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
5362| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
5363| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
5364| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
5365| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
5366| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
5367| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
5368| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
5369| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
5370| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
5371| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
5372| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
5373| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
5374| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
5375| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
5376| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
5377| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
5378| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
5379| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
5380| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
5381| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
5382| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
5383| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
5384| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
5385| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
5386| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
5387| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
5388| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
5389| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
5390| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
5391| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
5392| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
5393| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
5394| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
5395| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
5396| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
5397| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
5398| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
5399| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
5400| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
5401| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
5402| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
5403| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
5404| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
5405| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
5406| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
5407| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
5408| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
5409| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
5410| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
5411| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
5412| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
5413| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
5414| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
5415| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
5416| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
5417| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
5418| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
5419| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
5420| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
5421| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
5422| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
5423| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
5424| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
5425| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
5426| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
5427| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
5428| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
5429| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
5430| [100447] Apache2Triad Multiple Security Vulnerabilities
5431| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
5432| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
5433| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
5434| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
5435| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
5436| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
5437| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
5438| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
5439| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
5440| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
5441| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
5442| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
5443| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
5444| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
5445| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
5446| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
5447| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
5448| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
5449| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
5450| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
5451| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
5452| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
5453| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
5454| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
5455| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
5456| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
5457| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
5458| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
5459| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
5460| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
5461| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
5462| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
5463| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
5464| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
5465| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
5466| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
5467| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
5468| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
5469| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
5470| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
5471| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
5472| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
5473| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
5474| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
5475| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
5476| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
5477| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
5478| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
5479| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
5480| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
5481| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
5482| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
5483| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
5484| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
5485| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
5486| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
5487| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
5488| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
5489| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
5490| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
5491| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
5492| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
5493| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
5494| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
5495| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
5496| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
5497| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
5498| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
5499| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
5500| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
5501| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
5502| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
5503| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
5504| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
5505| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
5506| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
5507| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
5508| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
5509| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
5510| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
5511| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
5512| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
5513| [95675] Apache Struts Remote Code Execution Vulnerability
5514| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
5515| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
5516| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
5517| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
5518| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
5519| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
5520| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
5521| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
5522| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
5523| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
5524| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
5525| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
5526| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
5527| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
5528| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
5529| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
5530| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
5531| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
5532| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
5533| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
5534| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
5535| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
5536| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
5537| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
5538| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
5539| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
5540| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
5541| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
5542| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
5543| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
5544| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
5545| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
5546| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
5547| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
5548| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
5549| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
5550| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
5551| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
5552| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
5553| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
5554| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
5555| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
5556| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
5557| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
5558| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
5559| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
5560| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
5561| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
5562| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
5563| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
5564| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
5565| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
5566| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
5567| [91736] Apache XML-RPC Multiple Security Vulnerabilities
5568| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
5569| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
5570| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
5571| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
5572| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
5573| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
5574| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
5575| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
5576| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
5577| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
5578| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
5579| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
5580| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
5581| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
5582| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
5583| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
5584| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
5585| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
5586| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
5587| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
5588| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
5589| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
5590| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
5591| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
5592| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
5593| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
5594| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
5595| [90482] Apache CVE-2004-1387 Local Security Vulnerability
5596| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
5597| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
5598| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
5599| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
5600| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
5601| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
5602| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
5603| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
5604| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
5605| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
5606| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
5607| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
5608| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
5609| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
5610| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
5611| [86399] Apache CVE-2007-1743 Local Security Vulnerability
5612| [86397] Apache CVE-2007-1742 Local Security Vulnerability
5613| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
5614| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
5615| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
5616| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
5617| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
5618| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
5619| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
5620| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
5621| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
5622| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
5623| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
5624| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
5625| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
5626| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
5627| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
5628| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
5629| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
5630| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
5631| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
5632| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
5633| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
5634| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
5635| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
5636| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
5637| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
5638| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
5639| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
5640| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
5641| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
5642| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
5643| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
5644| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
5645| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
5646| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
5647| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
5648| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
5649| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
5650| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
5651| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
5652| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
5653| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
5654| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
5655| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
5656| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
5657| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
5658| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
5659| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
5660| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
5661| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
5662| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
5663| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
5664| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
5665| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
5666| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
5667| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
5668| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
5669| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
5670| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
5671| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
5672| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
5673| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
5674| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
5675| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
5676| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
5677| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
5678| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
5679| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
5680| [76933] Apache James Server Unspecified Command Execution Vulnerability
5681| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
5682| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
5683| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
5684| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
5685| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
5686| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
5687| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
5688| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
5689| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
5690| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
5691| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
5692| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
5693| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
5694| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
5695| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
5696| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
5697| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
5698| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
5699| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
5700| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
5701| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
5702| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
5703| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
5704| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
5705| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
5706| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
5707| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
5708| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
5709| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
5710| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
5711| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
5712| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
5713| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
5714| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
5715| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
5716| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
5717| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
5718| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
5719| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
5720| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
5721| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
5722| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
5723| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
5724| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
5725| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
5726| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
5727| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
5728| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
5729| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
5730| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
5731| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
5732| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
5733| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
5734| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
5735| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
5736| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
5737| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
5738| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
5739| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
5740| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
5741| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
5742| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
5743| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
5744| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
5745| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
5746| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
5747| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
5748| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
5749| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
5750| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
5751| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
6179| [9921] Apache Connection Blocking Denial Of Service Vulnerability
6180| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
6181| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
6182| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
6183| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
6184| [9733] Apache Cygwin Directory Traversal Vulnerability
6185| [9599] Apache mod_php Global Variables Information Disclosure Weakness
6186| [9590] Apache-SSL Client Certificate Forging Vulnerability
6187| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
6188| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
6189| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
6190| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
6191| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
6192| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
6193| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
6194| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
6195| [8898] Red Hat Apache Directory Index Default Configuration Error
6196| [8883] Apache Cocoon Directory Traversal Vulnerability
6197| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
6198| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
6199| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
6200| [8707] Apache htpasswd Password Entropy Weakness
6201| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
6202| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
6203| [8226] Apache HTTP Server Multiple Vulnerabilities
6204| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
6205| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
6206| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
6207| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
6208| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
6209| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
6210| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
6211| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
6212| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
6213| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
6214| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
6215| [7255] Apache Web Server File Descriptor Leakage Vulnerability
6216| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
6217| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
6218| [6939] Apache Web Server ETag Header Information Disclosure Weakness
6219| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
6220| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
6221| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
6222| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
6223| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
6224| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
6225| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
6226| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
6227| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
6228| [6117] Apache mod_php File Descriptor Leakage Vulnerability
6229| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
6230| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
6231| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
6232| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
6233| [5992] Apache HTDigest Insecure Temporary File Vulnerability
6234| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
6235| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
6236| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
6237| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
6238| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
6239| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6240| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
6241| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
6242| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
6243| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
6244| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6245| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
6246| [5485] Apache 2.0 Path Disclosure Vulnerability
6247| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6248| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
6249| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
6250| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
6251| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
6252| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
6253| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
6254| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
6255| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
6256| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
6257| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
6258| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
6259| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
6260| [4437] Apache Error Message Cross-Site Scripting Vulnerability
6261| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
6262| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
6263| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
6264| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
6265| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
6266| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
6267| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
6268| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
6269| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
6270| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
6271| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
6272| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
6273| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
6274| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
6275| [3596] Apache Split-Logfile File Append Vulnerability
6276| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
6277| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
6278| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
6279| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
6280| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
6281| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
6282| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
6283| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
6284| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
6285| [3169] Apache Server Address Disclosure Vulnerability
6286| [3009] Apache Possible Directory Index Disclosure Vulnerability
6287| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
6288| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
6289| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
6290| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
6291| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
6292| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
6293| [2216] Apache Web Server DoS Vulnerability
6294| [2182] Apache /tmp File Race Vulnerability
6295| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
6296| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
6297| [1821] Apache mod_cookies Buffer Overflow Vulnerability
6298| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
6299| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
6300| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
6301| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
6302| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
6303| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
6304| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
6305| [1457] Apache::ASP source.asp Example Script Vulnerability
6306| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
6307| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
6308| ####################################################################################################################################
6309| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6310| [86258] Apache CloudStack text fields cross-site scripting
6311| [85983] Apache Subversion mod_dav_svn module denial of service
6312| [85875] Apache OFBiz UEL code execution
6313| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
6314| [85871] Apache HTTP Server mod_session_dbd unspecified
6315| [85756] Apache Struts OGNL expression command execution
6316| [85755] Apache Struts DefaultActionMapper class open redirect
6317| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
6318| [85574] Apache HTTP Server mod_dav denial of service
6319| [85573] Apache Struts Showcase App OGNL code execution
6320| [85496] Apache CXF denial of service
6321| [85423] Apache Geronimo RMI classloader code execution
6322| [85326] Apache Santuario XML Security for C++ buffer overflow
6323| [85323] Apache Santuario XML Security for Java spoofing
6324| [85319] Apache Qpid Python client SSL spoofing
6325| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
6326| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
6327| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
6328| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
6329| [84952] Apache Tomcat CVE-2012-3544 denial of service
6330| [84763] Apache Struts CVE-2013-2135 security bypass
6331| [84762] Apache Struts CVE-2013-2134 security bypass
6332| [84719] Apache Subversion CVE-2013-2088 command execution
6333| [84718] Apache Subversion CVE-2013-2112 denial of service
6334| [84717] Apache Subversion CVE-2013-1968 denial of service
6335| [84577] Apache Tomcat security bypass
6336| [84576] Apache Tomcat symlink
6337| [84543] Apache Struts CVE-2013-2115 security bypass
6338| [84542] Apache Struts CVE-2013-1966 security bypass
6339| [84154] Apache Tomcat session hijacking
6340| [84144] Apache Tomcat denial of service
6341| [84143] Apache Tomcat information disclosure
6342| [84111] Apache HTTP Server command execution
6343| [84043] Apache Virtual Computing Lab cross-site scripting
6344| [84042] Apache Virtual Computing Lab cross-site scripting
6345| [83782] Apache CloudStack information disclosure
6346| [83781] Apache CloudStack security bypass
6347| [83720] Apache ActiveMQ cross-site scripting
6348| [83719] Apache ActiveMQ denial of service
6349| [83718] Apache ActiveMQ denial of service
6350| [83263] Apache Subversion denial of service
6351| [83262] Apache Subversion denial of service
6352| [83261] Apache Subversion denial of service
6353| [83259] Apache Subversion denial of service
6354| [83035] Apache mod_ruid2 security bypass
6355| [82852] Apache Qpid federation_tag security bypass
6356| [82851] Apache Qpid qpid::framing::Buffer denial of service
6357| [82758] Apache Rave User RPC API information disclosure
6358| [82663] Apache Subversion svn_fs_file_length() denial of service
6359| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
6360| [82641] Apache Qpid AMQP denial of service
6361| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
6362| [82618] Apache Commons FileUpload symlink
6363| [82360] Apache HTTP Server manager interface cross-site scripting
6364| [82359] Apache HTTP Server hostnames cross-site scripting
6365| [82338] Apache Tomcat log/logdir information disclosure
6366| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
6367| [82268] Apache OpenJPA deserialization command execution
6368| [81981] Apache CXF UsernameTokens security bypass
6369| [81980] Apache CXF WS-Security security bypass
6370| [81398] Apache OFBiz cross-site scripting
6371| [81240] Apache CouchDB directory traversal
6372| [81226] Apache CouchDB JSONP code execution
6373| [81225] Apache CouchDB Futon user interface cross-site scripting
6374| [81211] Apache Axis2/C SSL spoofing
6375| [81167] Apache CloudStack DeployVM information disclosure
6376| [81166] Apache CloudStack AddHost API information disclosure
6377| [81165] Apache CloudStack createSSHKeyPair API information disclosure
6378| [80518] Apache Tomcat cross-site request forgery security bypass
6379| [80517] Apache Tomcat FormAuthenticator security bypass
6380| [80516] Apache Tomcat NIO denial of service
6381| [80408] Apache Tomcat replay-countermeasure security bypass
6382| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
6383| [80317] Apache Tomcat slowloris denial of service
6384| [79984] Apache Commons HttpClient SSL spoofing
6385| [79983] Apache CXF SSL spoofing
6386| [79830] Apache Axis2/Java SSL spoofing
6387| [79829] Apache Axis SSL spoofing
6388| [79809] Apache Tomcat DIGEST security bypass
6389| [79806] Apache Tomcat parseHeaders() denial of service
6390| [79540] Apache OFBiz unspecified
6391| [79487] Apache Axis2 SAML security bypass
6392| [79212] Apache Cloudstack code execution
6393| [78734] Apache CXF SOAP Action security bypass
6394| [78730] Apache Qpid broker denial of service
6395| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
6396| [78563] Apache mod_pagespeed module unspecified cross-site scripting
6397| [78562] Apache mod_pagespeed module security bypass
6398| [78454] Apache Axis2 security bypass
6399| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
6400| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
6401| [78321] Apache Wicket unspecified cross-site scripting
6402| [78183] Apache Struts parameters denial of service
6403| [78182] Apache Struts cross-site request forgery
6404| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
6405| [77987] mod_rpaf module for Apache denial of service
6406| [77958] Apache Struts skill name code execution
6407| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
6408| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
6409| [77568] Apache Qpid broker security bypass
6410| [77421] Apache Libcloud spoofing
6411| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
6412| [77046] Oracle Solaris Apache HTTP Server information disclosure
6413| [76837] Apache Hadoop information disclosure
6414| [76802] Apache Sling CopyFrom denial of service
6415| [76692] Apache Hadoop symlink
6416| [76535] Apache Roller console cross-site request forgery
6417| [76534] Apache Roller weblog cross-site scripting
6418| [76152] Apache CXF elements security bypass
6419| [76151] Apache CXF child policies security bypass
6420| [75983] MapServer for Windows Apache file include
6421| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
6422| [75558] Apache POI denial of service
6423| [75545] PHP apache_request_headers() buffer overflow
6424| [75302] Apache Qpid SASL security bypass
6425| [75211] Debian GNU/Linux apache 2 cross-site scripting
6426| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
6427| [74871] Apache OFBiz FlexibleStringExpander code execution
6428| [74870] Apache OFBiz multiple cross-site scripting
6429| [74750] Apache Hadoop unspecified spoofing
6430| [74319] Apache Struts XSLTResult.java file upload
6431| [74313] Apache Traffic Server header buffer overflow
6432| [74276] Apache Wicket directory traversal
6433| [74273] Apache Wicket unspecified cross-site scripting
6434| [74181] Apache HTTP Server mod_fcgid module denial of service
6435| [73690] Apache Struts OGNL code execution
6436| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
6437| [73100] Apache MyFaces in directory traversal
6438| [73096] Apache APR hash denial of service
6439| [73052] Apache Struts name cross-site scripting
6440| [73030] Apache CXF UsernameToken security bypass
6441| [72888] Apache Struts lastName cross-site scripting
6442| [72758] Apache HTTP Server httpOnly information disclosure
6443| [72757] Apache HTTP Server MPM denial of service
6444| [72585] Apache Struts ParameterInterceptor security bypass
6445| [72438] Apache Tomcat Digest security bypass
6446| [72437] Apache Tomcat Digest security bypass
6447| [72436] Apache Tomcat DIGEST security bypass
6448| [72425] Apache Tomcat parameter denial of service
6449| [72422] Apache Tomcat request object information disclosure
6450| [72377] Apache HTTP Server scoreboard security bypass
6451| [72345] Apache HTTP Server HTTP request denial of service
6452| [72229] Apache Struts ExceptionDelegator command execution
6453| [72089] Apache Struts ParameterInterceptor directory traversal
6454| [72088] Apache Struts CookieInterceptor command execution
6455| [72047] Apache Geronimo hash denial of service
6456| [72016] Apache Tomcat hash denial of service
6457| [71711] Apache Struts OGNL expression code execution
6458| [71654] Apache Struts interfaces security bypass
6459| [71620] Apache ActiveMQ failover denial of service
6460| [71617] Apache HTTP Server mod_proxy module information disclosure
6461| [71508] Apache MyFaces EL security bypass
6462| [71445] Apache HTTP Server mod_proxy security bypass
6463| [71203] Apache Tomcat servlets privilege escalation
6464| [71181] Apache HTTP Server ap_pregsub() denial of service
6465| [71093] Apache HTTP Server ap_pregsub() buffer overflow
6466| [70336] Apache HTTP Server mod_proxy information disclosure
6467| [69804] Apache HTTP Server mod_proxy_ajp denial of service
6468| [69472] Apache Tomcat AJP security bypass
6469| [69396] Apache HTTP Server ByteRange filter denial of service
6470| [69394] Apache Wicket multi window support cross-site scripting
6471| [69176] Apache Tomcat XML information disclosure
6472| [69161] Apache Tomcat jsvc information disclosure
6473| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
6474| [68541] Apache Tomcat sendfile information disclosure
6475| [68420] Apache XML Security denial of service
6476| [68238] Apache Tomcat JMX information disclosure
6477| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
6478| [67804] Apache Subversion control rules information disclosure
6479| [67803] Apache Subversion control rules denial of service
6480| [67802] Apache Subversion baselined denial of service
6481| [67672] Apache Archiva multiple cross-site scripting
6482| [67671] Apache Archiva multiple cross-site request forgery
6483| [67564] Apache APR apr_fnmatch() denial of service
6484| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
6485| [67515] Apache Tomcat annotations security bypass
6486| [67480] Apache Struts s:submit information disclosure
6487| [67414] Apache APR apr_fnmatch() denial of service
6488| [67356] Apache Struts javatemplates cross-site scripting
6489| [67354] Apache Struts Xwork cross-site scripting
6490| [66676] Apache Tomcat HTTP BIO information disclosure
6491| [66675] Apache Tomcat web.xml security bypass
6492| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
6493| [66241] Apache HttpComponents information disclosure
6494| [66154] Apache Tomcat ServletSecurity security bypass
6495| [65971] Apache Tomcat ServletSecurity security bypass
6496| [65876] Apache Subversion mod_dav_svn denial of service
6497| [65343] Apache Continuum unspecified cross-site scripting
6498| [65162] Apache Tomcat NIO connector denial of service
6499| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
6500| [65160] Apache Tomcat HTML Manager interface cross-site scripting
6501| [65159] Apache Tomcat ServletContect security bypass
6502| [65050] Apache CouchDB web-based administration UI cross-site scripting
6503| [64773] Oracle HTTP Server Apache Plugin unauthorized access
6504| [64473] Apache Subversion blame -g denial of service
6505| [64472] Apache Subversion walk() denial of service
6506| [64407] Apache Axis2 CVE-2010-0219 code execution
6507| [63926] Apache Archiva password privilege escalation
6508| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
6509| [63493] Apache Archiva credentials cross-site request forgery
6510| [63477] Apache Tomcat HttpOnly session hijacking
6511| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
6512| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
6513| [62959] Apache Shiro filters security bypass
6514| [62790] Apache Perl cgi module denial of service
6515| [62576] Apache Qpid exchange denial of service
6516| [62575] Apache Qpid AMQP denial of service
6517| [62354] Apache Qpid SSL denial of service
6518| [62235] Apache APR-util apr_brigade_split_line() denial of service
6519| [62181] Apache XML-RPC SAX Parser information disclosure
6520| [61721] Apache Traffic Server cache poisoning
6521| [61202] Apache Derby BUILTIN authentication functionality information disclosure
6522| [61186] Apache CouchDB Futon cross-site request forgery
6523| [61169] Apache CXF DTD denial of service
6524| [61070] Apache Jackrabbit search.jsp SQL injection
6525| [61006] Apache SLMS Quoting cross-site request forgery
6526| [60962] Apache Tomcat time cross-site scripting
6527| [60883] Apache mod_proxy_http information disclosure
6528| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
6529| [60264] Apache Tomcat Transfer-Encoding denial of service
6530| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
6531| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
6532| [59413] Apache mod_proxy_http timeout information disclosure
6533| [59058] Apache MyFaces unencrypted view state cross-site scripting
6534| [58827] Apache Axis2 xsd file include
6535| [58790] Apache Axis2 modules cross-site scripting
6536| [58299] Apache ActiveMQ queueBrowse cross-site scripting
6537| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
6538| [58056] Apache ActiveMQ .jsp source code disclosure
6539| [58055] Apache Tomcat realm name information disclosure
6540| [58046] Apache HTTP Server mod_auth_shadow security bypass
6541| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
6542| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
6543| [57429] Apache CouchDB algorithms information disclosure
6544| [57398] Apache ActiveMQ Web console cross-site request forgery
6545| [57397] Apache ActiveMQ createDestination.action cross-site scripting
6546| [56653] Apache HTTP Server DNS spoofing
6547| [56652] Apache HTTP Server DNS cross-site scripting
6548| [56625] Apache HTTP Server request header information disclosure
6549| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
6550| [56623] Apache HTTP Server mod_proxy_ajp denial of service
6551| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
6552| [55857] Apache Tomcat WAR files directory traversal
6553| [55856] Apache Tomcat autoDeploy attribute security bypass
6554| [55855] Apache Tomcat WAR directory traversal
6555| [55210] Intuit component for Joomla! Apache information disclosure
6556| [54533] Apache Tomcat 404 error page cross-site scripting
6557| [54182] Apache Tomcat admin default password
6558| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
6559| [53666] Apache HTTP Server Solaris pollset support denial of service
6560| [53650] Apache HTTP Server HTTP basic-auth module security bypass
6561| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
6562| [53041] mod_proxy_ftp module for Apache denial of service
6563| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
6564| [51953] Apache Tomcat Path Disclosure
6565| [51952] Apache Tomcat Path Traversal
6566| [51951] Apache stronghold-status Information Disclosure
6567| [51950] Apache stronghold-info Information Disclosure
6568| [51949] Apache PHP Source Code Disclosure
6569| [51948] Apache Multiviews Attack
6570| [51946] Apache JServ Environment Status Information Disclosure
6571| [51945] Apache error_log Information Disclosure
6572| [51944] Apache Default Installation Page Pattern Found
6573| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
6574| [51942] Apache AXIS XML External Entity File Retrieval
6575| [51941] Apache AXIS Sample Servlet Information Leak
6576| [51940] Apache access_log Information Disclosure
6577| [51626] Apache mod_deflate denial of service
6578| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
6579| [51365] Apache Tomcat RequestDispatcher security bypass
6580| [51273] Apache HTTP Server Incomplete Request denial of service
6581| [51195] Apache Tomcat XML information disclosure
6582| [50994] Apache APR-util xml/apr_xml.c denial of service
6583| [50993] Apache APR-util apr_brigade_vprintf denial of service
6584| [50964] Apache APR-util apr_strmatch_precompile() denial of service
6585| [50930] Apache Tomcat j_security_check information disclosure
6586| [50928] Apache Tomcat AJP denial of service
6587| [50884] Apache HTTP Server XML ENTITY denial of service
6588| [50808] Apache HTTP Server AllowOverride privilege escalation
6589| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
6590| [50059] Apache mod_proxy_ajp information disclosure
6591| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
6592| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
6593| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
6594| [49921] Apache ActiveMQ Web interface cross-site scripting
6595| [49898] Apache Geronimo Services/Repository directory traversal
6596| [49725] Apache Tomcat mod_jk module information disclosure
6597| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
6598| [49712] Apache Struts unspecified cross-site scripting
6599| [49213] Apache Tomcat cal2.jsp cross-site scripting
6600| [48934] Apache Tomcat POST doRead method information disclosure
6601| [48211] Apache Tomcat header HTTP request smuggling
6602| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
6603| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
6604| [47709] Apache Roller "
6605| [47104] Novell Netware ApacheAdmin console security bypass
6606| [47086] Apache HTTP Server OS fingerprinting unspecified
6607| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
6608| [45791] Apache Tomcat RemoteFilterValve security bypass
6609| [44435] Oracle WebLogic Apache Connector buffer overflow
6610| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
6611| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
6612| [44156] Apache Tomcat RequestDispatcher directory traversal
6613| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
6614| [43885] Oracle WebLogic Server Apache Connector buffer overflow
6615| [42987] Apache HTTP Server mod_proxy module denial of service
6616| [42915] Apache Tomcat JSP files path disclosure
6617| [42914] Apache Tomcat MS-DOS path disclosure
6618| [42892] Apache Tomcat unspecified unauthorized access
6619| [42816] Apache Tomcat Host Manager cross-site scripting
6620| [42303] Apache 403 error cross-site scripting
6621| [41618] Apache-SSL ExpandCert() authentication bypass
6622| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
6623| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
6624| [40614] Apache mod_jk2 HTTP Host header buffer overflow
6625| [40562] Apache Geronimo init information disclosure
6626| [40478] Novell Web Manager webadmin-apache.conf security bypass
6627| [40411] Apache Tomcat exception handling information disclosure
6628| [40409] Apache Tomcat native (APR based) connector weak security
6629| [40403] Apache Tomcat quotes and %5C cookie information disclosure
6630| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
6631| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
6632| [39867] Apache HTTP Server mod_negotiation cross-site scripting
6633| [39804] Apache Tomcat SingleSignOn information disclosure
6634| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
6635| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
6636| [39608] Apache HTTP Server balancer manager cross-site request forgery
6637| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
6638| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
6639| [39472] Apache HTTP Server mod_status cross-site scripting
6640| [39201] Apache Tomcat JULI logging weak security
6641| [39158] Apache HTTP Server Windows SMB shares information disclosure
6642| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
6643| [38951] Apache::AuthCAS Perl module cookie SQL injection
6644| [38800] Apache HTTP Server 413 error page cross-site scripting
6645| [38211] Apache Geronimo SQLLoginModule authentication bypass
6646| [37243] Apache Tomcat WebDAV directory traversal
6647| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
6648| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
6649| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
6650| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
6651| [36782] Apache Geronimo MEJB unauthorized access
6652| [36586] Apache HTTP Server UTF-7 cross-site scripting
6653| [36468] Apache Geronimo LoginModule security bypass
6654| [36467] Apache Tomcat functions.jsp cross-site scripting
6655| [36402] Apache Tomcat calendar cross-site request forgery
6656| [36354] Apache HTTP Server mod_proxy module denial of service
6657| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
6658| [36336] Apache Derby lock table privilege escalation
6659| [36335] Apache Derby schema privilege escalation
6660| [36006] Apache Tomcat "
6661| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
6662| [35999] Apache Tomcat \"
6663| [35795] Apache Tomcat CookieExample cross-site scripting
6664| [35536] Apache Tomcat SendMailServlet example cross-site scripting
6665| [35384] Apache HTTP Server mod_cache module denial of service
6666| [35097] Apache HTTP Server mod_status module cross-site scripting
6667| [35095] Apache HTTP Server Prefork MPM module denial of service
6668| [34984] Apache HTTP Server recall_headers information disclosure
6669| [34966] Apache HTTP Server MPM content spoofing
6670| [34965] Apache HTTP Server MPM information disclosure
6671| [34963] Apache HTTP Server MPM multiple denial of service
6672| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
6673| [34869] Apache Tomcat JSP example Web application cross-site scripting
6674| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
6675| [34496] Apache Tomcat JK Connector security bypass
6676| [34377] Apache Tomcat hello.jsp cross-site scripting
6677| [34212] Apache Tomcat SSL configuration security bypass
6678| [34210] Apache Tomcat Accept-Language cross-site scripting
6679| [34209] Apache Tomcat calendar application cross-site scripting
6680| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
6681| [34167] Apache Axis WSDL file path disclosure
6682| [34068] Apache Tomcat AJP connector information disclosure
6683| [33584] Apache HTTP Server suEXEC privilege escalation
6684| [32988] Apache Tomcat proxy module directory traversal
6685| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
6686| [32708] Debian Apache tty privilege escalation
6687| [32441] ApacheStats extract() PHP call unspecified
6688| [32128] Apache Tomcat default account
6689| [31680] Apache Tomcat RequestParamExample cross-site scripting
6690| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
6691| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
6692| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
6693| [30456] Apache mod_auth_kerb off-by-one buffer overflow
6694| [29550] Apache mod_tcl set_var() format string
6695| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
6696| [28357] Apache HTTP Server mod_alias script source information disclosure
6697| [28063] Apache mod_rewrite off-by-one buffer overflow
6698| [27902] Apache Tomcat URL information disclosure
6699| [26786] Apache James SMTP server denial of service
6700| [25680] libapache2 /tmp/svn file upload
6701| [25614] Apache Struts lookupMap cross-site scripting
6702| [25613] Apache Struts ActionForm denial of service
6703| [25612] Apache Struts isCancelled() security bypass
6704| [24965] Apache mod_python FileSession command execution
6705| [24716] Apache James spooler memory leak denial of service
6706| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
6707| [24158] Apache Geronimo jsp-examples cross-site scripting
6708| [24030] Apache auth_ldap module multiple format strings
6709| [24008] Apache mod_ssl custom error message denial of service
6710| [24003] Apache mod_auth_pgsql module multiple syslog format strings
6711| [23612] Apache mod_imap referer field cross-site scripting
6712| [23173] Apache Struts error message cross-site scripting
6713| [22942] Apache Tomcat directory listing denial of service
6714| [22858] Apache Multi-Processing Module code allows denial of service
6715| [22602] RHSA-2005:582 updates for Apache httpd not installed
6716| [22520] Apache mod-auth-shadow "
6717| [22466] ApacheTop symlink
6718| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
6719| [22006] Apache HTTP Server byte-range filter denial of service
6720| [21567] Apache mod_ssl off-by-one buffer overflow
6721| [21195] Apache HTTP Server header HTTP request smuggling
6722| [20383] Apache HTTP Server htdigest buffer overflow
6723| [19681] Apache Tomcat AJP12 request denial of service
6724| [18993] Apache HTTP server check_forensic symlink attack
6725| [18790] Apache Tomcat Manager cross-site scripting
6726| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
6727| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
6728| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
6729| [17961] Apache Web server ServerTokens has not been set
6730| [17930] Apache HTTP Server HTTP GET request denial of service
6731| [17785] Apache mod_include module buffer overflow
6732| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
6733| [17473] Apache HTTP Server Satisfy directive allows access to resources
6734| [17413] Apache htpasswd buffer overflow
6735| [17384] Apache HTTP Server environment variable configuration file buffer overflow
6736| [17382] Apache HTTP Server IPv6 apr_util denial of service
6737| [17366] Apache HTTP Server mod_dav module LOCK denial of service
6738| [17273] Apache HTTP Server speculative mode denial of service
6739| [17200] Apache HTTP Server mod_ssl denial of service
6740| [16890] Apache HTTP Server server-info request has been detected
6741| [16889] Apache HTTP Server server-status request has been detected
6742| [16705] Apache mod_ssl format string attack
6743| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
6744| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
6745| [16230] Apache HTTP Server PHP denial of service
6746| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
6747| [15958] Apache HTTP Server authentication modules memory corruption
6748| [15547] Apache HTTP Server mod_disk_cache local information disclosure
6749| [15540] Apache HTTP Server socket starvation denial of service
6750| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
6751| [15422] Apache HTTP Server mod_access information disclosure
6752| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
6753| [15293] Apache for Cygwin "
6754| [15065] Apache-SSL has a default password
6755| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
6756| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
6757| [14751] Apache Mod_python output filter information disclosure
6758| [14125] Apache HTTP Server mod_userdir module information disclosure
6759| [14075] Apache HTTP Server mod_php file descriptor leak
6760| [13703] Apache HTTP Server account
6761| [13689] Apache HTTP Server configuration allows symlinks
6762| [13688] Apache HTTP Server configuration allows SSI
6763| [13687] Apache HTTP Server Server: header value
6764| [13685] Apache HTTP Server ServerTokens value
6765| [13684] Apache HTTP Server ServerSignature value
6766| [13672] Apache HTTP Server config allows directory autoindexing
6767| [13671] Apache HTTP Server default content
6768| [13670] Apache HTTP Server config file directive references outside content root
6769| [13668] Apache HTTP Server httpd not running in chroot environment
6770| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
6771| [13664] Apache HTTP Server config file contains ScriptAlias entry
6772| [13663] Apache HTTP Server CGI support modules loaded
6773| [13661] Apache HTTP Server config file contains AddHandler entry
6774| [13660] Apache HTTP Server 500 error page not CGI script
6775| [13659] Apache HTTP Server 413 error page not CGI script
6776| [13658] Apache HTTP Server 403 error page not CGI script
6777| [13657] Apache HTTP Server 401 error page not CGI script
6778| [13552] Apache HTTP Server mod_cgid module information disclosure
6779| [13550] Apache GET request directory traversal
6780| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
6781| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
6782| [13429] Apache Tomcat non-HTTP request denial of service
6783| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
6784| [13295] Apache weak password encryption
6785| [13254] Apache Tomcat .jsp cross-site scripting
6786| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
6787| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
6788| [12681] Apache HTTP Server mod_proxy could allow mail relaying
6789| [12662] Apache HTTP Server rotatelogs denial of service
6790| [12554] Apache Tomcat stores password in plain text
6791| [12553] Apache HTTP Server redirects and subrequests denial of service
6792| [12552] Apache HTTP Server FTP proxy server denial of service
6793| [12551] Apache HTTP Server prefork MPM denial of service
6794| [12550] Apache HTTP Server weaker than expected encryption
6795| [12549] Apache HTTP Server type-map file denial of service
6796| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
6797| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
6798| [12091] Apache HTTP Server apr_password_validate denial of service
6799| [12090] Apache HTTP Server apr_psprintf code execution
6800| [11804] Apache HTTP Server mod_access_referer denial of service
6801| [11750] Apache HTTP Server could leak sensitive file descriptors
6802| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
6803| [11703] Apache long slash path allows directory listing
6804| [11695] Apache HTTP Server LF (Line Feed) denial of service
6805| [11694] Apache HTTP Server filestat.c denial of service
6806| [11438] Apache HTTP Server MIME message boundaries information disclosure
6807| [11412] Apache HTTP Server error log terminal escape sequence injection
6808| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
6809| [11195] Apache Tomcat web.xml could be used to read files
6810| [11194] Apache Tomcat URL appended with a null character could list directories
6811| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
6812| [11126] Apache HTTP Server illegal character file disclosure
6813| [11125] Apache HTTP Server DOS device name HTTP POST code execution
6814| [11124] Apache HTTP Server DOS device name denial of service
6815| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
6816| [10938] Apache HTTP Server printenv test CGI cross-site scripting
6817| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
6818| [10575] Apache mod_php module could allow an attacker to take over the httpd process
6819| [10499] Apache HTTP Server WebDAV HTTP POST view source
6820| [10457] Apache HTTP Server mod_ssl "
6821| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
6822| [10414] Apache HTTP Server htdigest multiple buffer overflows
6823| [10413] Apache HTTP Server htdigest temporary file race condition
6824| [10412] Apache HTTP Server htpasswd temporary file race condition
6825| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
6826| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
6827| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
6828| [10280] Apache HTTP Server shared memory scorecard overwrite
6829| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
6830| [10241] Apache HTTP Server Host: header cross-site scripting
6831| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
6832| [10208] Apache HTTP Server mod_dav denial of service
6833| [10206] HP VVOS Apache mod_ssl denial of service
6834| [10200] Apache HTTP Server stderr denial of service
6835| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
6836| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
6837| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
6838| [10098] Slapper worm targets OpenSSL/Apache systems
6839| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
6840| [9875] Apache HTTP Server .var file request could disclose installation path
6841| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
6842| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
6843| [9623] Apache HTTP Server ap_log_rerror() path disclosure
6844| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
6845| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
6846| [9396] Apache Tomcat null character to threads denial of service
6847| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
6848| [9249] Apache HTTP Server chunked encoding heap buffer overflow
6849| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
6850| [8932] Apache Tomcat example class information disclosure
6851| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
6852| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
6853| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
6854| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
6855| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
6856| [8400] Apache HTTP Server mod_frontpage buffer overflows
6857| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
6858| [8308] Apache "
6859| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
6860| [8119] Apache and PHP OPTIONS request reveals "
6861| [8054] Apache is running on the system
6862| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
6863| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
6864| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
6865| [7836] Apache HTTP Server log directory denial of service
6866| [7815] Apache for Windows "
6867| [7810] Apache HTTP request could result in unexpected behavior
6868| [7599] Apache Tomcat reveals installation path
6869| [7494] Apache "
6870| [7419] Apache Web Server could allow remote attackers to overwrite .log files
6871| [7363] Apache Web Server hidden HTTP requests
6872| [7249] Apache mod_proxy denial of service
6873| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
6874| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
6875| [7059] Apache "
6876| [7057] Apache "
6877| [7056] Apache "
6878| [7055] Apache "
6879| [7054] Apache "
6880| [6997] Apache Jakarta Tomcat error message may reveal information
6881| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
6882| [6970] Apache crafted HTTP request could reveal the internal IP address
6883| [6921] Apache long slash path allows directory listing
6884| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
6885| [6527] Apache Web Server for Windows and OS2 denial of service
6886| [6316] Apache Jakarta Tomcat may reveal JSP source code
6887| [6305] Apache Jakarta Tomcat directory traversal
6888| [5926] Linux Apache symbolic link
6889| [5659] Apache Web server discloses files when used with php script
6890| [5310] Apache mod_rewrite allows attacker to view arbitrary files
6891| [5204] Apache WebDAV directory listings
6892| [5197] Apache Web server reveals CGI script source code
6893| [5160] Apache Jakarta Tomcat default installation
6894| [5099] Trustix Secure Linux installs Apache with world writable access
6895| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
6896| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
6897| [4931] Apache source.asp example file allows users to write to files
6898| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
6899| [4205] Apache Jakarta Tomcat delivers file contents
6900| [2084] Apache on Debian by default serves the /usr/doc directory
6901| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
6902| [697] Apache HTTP server beck exploit
6903| [331] Apache cookies buffer overflow
6904| #####################################################################################################################################
6905| Exploit-DB - https://www.exploit-db.com:
6906| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
6907| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
6908| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
6909| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
6910| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
6911| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
6912| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
6913| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
6914| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
6915| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
6916| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
6917| [29859] Apache Roller OGNL Injection
6918| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
6919| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
6920| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
6921| [29290] Apache / PHP 5.x Remote Code Execution Exploit
6922| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
6923| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
6924| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
6925| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
6926| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
6927| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
6928| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
6929| [27096] Apache Geronimo 1.0 Error Page XSS
6930| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
6931| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
6932| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
6933| [25986] Plesk Apache Zeroday Remote Exploit
6934| [25980] Apache Struts includeParams Remote Code Execution
6935| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
6936| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
6937| [24874] Apache Struts ParametersInterceptor Remote Code Execution
6938| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
6939| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
6940| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
6941| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
6942| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
6943| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
6944| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
6945| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
6946| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
6947| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
6948| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
6949| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
6950| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
6951| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
6952| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
6953| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
6954| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6955| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
6956| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
6957| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6958| [21719] Apache 2.0 Path Disclosure Vulnerability
6959| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6960| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
6961| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
6962| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
6963| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
6964| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
6965| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
6966| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
6967| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
6968| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
6969| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
6970| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
6971| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
6972| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
6973| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
6974| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
6975| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
6976| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
6977| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
6978| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
6979| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
6980| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
6981| [20558] Apache 1.2 Web Server DoS Vulnerability
6982| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
6983| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
6984| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
6985| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
6986| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
6987| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
6988| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
6989| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
6990| [19231] PHP apache_request_headers Function Buffer Overflow
6991| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
6992| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
6993| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
6994| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
6995| [18442] Apache httpOnly Cookie Disclosure
6996| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
6997| [18221] Apache HTTP Server Denial of Service
6998| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
6999| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
7000| [17691] Apache Struts < 2.2.0 - Remote Command Execution
7001| [16798] Apache mod_jk 1.2.20 Buffer Overflow
7002| [16782] Apache Win32 Chunked Encoding
7003| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
7004| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
7005| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
7006| [15319] Apache 2.2 (Windows) Local Denial of Service
7007| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
7008| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
7009| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
7010| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
7011| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
7012| [12330] Apache OFBiz - Multiple XSS
7013| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
7014| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
7015| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
7016| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
7017| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
7018| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
7019| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
7020| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
7021| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
7022| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
7023| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
7024| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
7025| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
7026| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
7027| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
7028| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
7029| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
7030| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
7031| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
7032| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
7033| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
7034| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
7035| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
7036| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
7037| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
7038| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
7039| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
7040| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
7041| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
7042| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
7043| [466] htpasswd Apache 1.3.31 - Local Exploit
7044| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
7045| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
7046| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
7047| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
7048| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
7049| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
7050| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
7051| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
7052| [9] Apache HTTP Server 2.x Memory Leak Exploit
7053|######################################################################################################################################
7054| OpenVAS (Nessus) - http://www.openvas.org:
7055| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
7056| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
7057| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
7058| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
7059| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
7060| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
7061| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
7062| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
7063| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
7064| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
7065| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
7066| [900571] Apache APR-Utils Version Detection
7067| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
7068| [900496] Apache Tiles Multiple XSS Vulnerability
7069| [900493] Apache Tiles Version Detection
7070| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
7071| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
7072| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
7073| [870175] RedHat Update for apache RHSA-2008:0004-01
7074| [864591] Fedora Update for apache-poi FEDORA-2012-10835
7075| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
7076| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
7077| [864250] Fedora Update for apache-poi FEDORA-2012-7683
7078| [864249] Fedora Update for apache-poi FEDORA-2012-7686
7079| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
7080| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
7081| [855821] Solaris Update for Apache 1.3 122912-19
7082| [855812] Solaris Update for Apache 1.3 122911-19
7083| [855737] Solaris Update for Apache 1.3 122911-17
7084| [855731] Solaris Update for Apache 1.3 122912-17
7085| [855695] Solaris Update for Apache 1.3 122911-16
7086| [855645] Solaris Update for Apache 1.3 122912-16
7087| [855587] Solaris Update for kernel update and Apache 108529-29
7088| [855566] Solaris Update for Apache 116973-07
7089| [855531] Solaris Update for Apache 116974-07
7090| [855524] Solaris Update for Apache 2 120544-14
7091| [855494] Solaris Update for Apache 1.3 122911-15
7092| [855478] Solaris Update for Apache Security 114145-11
7093| [855472] Solaris Update for Apache Security 113146-12
7094| [855179] Solaris Update for Apache 1.3 122912-15
7095| [855147] Solaris Update for kernel update and Apache 108528-29
7096| [855077] Solaris Update for Apache 2 120543-14
7097| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
7098| [850088] SuSE Update for apache2 SUSE-SA:2007:061
7099| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
7100| [841209] Ubuntu Update for apache2 USN-1627-1
7101| [840900] Ubuntu Update for apache2 USN-1368-1
7102| [840798] Ubuntu Update for apache2 USN-1259-1
7103| [840734] Ubuntu Update for apache2 USN-1199-1
7104| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
7105| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
7106| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
7107| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
7108| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
7109| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
7110| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
7111| [835253] HP-UX Update for Apache Web Server HPSBUX02645
7112| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
7113| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
7114| [835236] HP-UX Update for Apache with PHP HPSBUX02543
7115| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
7116| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
7117| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
7118| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
7119| [835188] HP-UX Update for Apache HPSBUX02308
7120| [835181] HP-UX Update for Apache With PHP HPSBUX02332
7121| [835180] HP-UX Update for Apache with PHP HPSBUX02342
7122| [835172] HP-UX Update for Apache HPSBUX02365
7123| [835168] HP-UX Update for Apache HPSBUX02313
7124| [835148] HP-UX Update for Apache HPSBUX01064
7125| [835139] HP-UX Update for Apache with PHP HPSBUX01090
7126| [835131] HP-UX Update for Apache HPSBUX00256
7127| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
7128| [835104] HP-UX Update for Apache HPSBUX00224
7129| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
7130| [835101] HP-UX Update for Apache HPSBUX01232
7131| [835080] HP-UX Update for Apache HPSBUX02273
7132| [835078] HP-UX Update for ApacheStrong HPSBUX00255
7133| [835044] HP-UX Update for Apache HPSBUX01019
7134| [835040] HP-UX Update for Apache PHP HPSBUX00207
7135| [835025] HP-UX Update for Apache HPSBUX00197
7136| [835023] HP-UX Update for Apache HPSBUX01022
7137| [835022] HP-UX Update for Apache HPSBUX02292
7138| [835005] HP-UX Update for Apache HPSBUX02262
7139| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
7140| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
7141| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
7142| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
7143| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
7144| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
7145| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
7146| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
7147| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
7148| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
7149| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
7150| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
7151| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
7152| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
7153| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
7154| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
7155| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
7156| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
7157| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
7158| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
7159| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
7160| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
7161| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
7162| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
7163| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
7164| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
7165| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
7166| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
7167| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
7168| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
7169| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
7170| [801942] Apache Archiva Multiple Vulnerabilities
7171| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
7172| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
7173| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
7174| [801284] Apache Derby Information Disclosure Vulnerability
7175| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
7176| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
7177| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
7178| [800680] Apache APR Version Detection
7179| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
7180| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
7181| [800677] Apache Roller Version Detection
7182| [800279] Apache mod_jk Module Version Detection
7183| [800278] Apache Struts Cross Site Scripting Vulnerability
7184| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
7185| [800276] Apache Struts Version Detection
7186| [800271] Apache Struts Directory Traversal Vulnerability
7187| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
7188| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
7189| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
7190| [103122] Apache Web Server ETag Header Information Disclosure Weakness
7191| [103074] Apache Continuum Cross Site Scripting Vulnerability
7192| [103073] Apache Continuum Detection
7193| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
7194| [101023] Apache Open For Business Weak Password security check
7195| [101020] Apache Open For Business HTML injection vulnerability
7196| [101019] Apache Open For Business service detection
7197| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
7198| [100923] Apache Archiva Detection
7199| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
7200| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
7201| [100813] Apache Axis2 Detection
7202| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
7203| [100795] Apache Derby Detection
7204| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
7205| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
7206| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
7207| [100514] Apache Multiple Security Vulnerabilities
7208| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
7209| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
7210| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
7211| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
7212| [72626] Debian Security Advisory DSA 2579-1 (apache2)
7213| [72612] FreeBSD Ports: apache22
7214| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
7215| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
7216| [71512] FreeBSD Ports: apache
7217| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
7218| [71256] Debian Security Advisory DSA 2452-1 (apache2)
7219| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
7220| [70737] FreeBSD Ports: apache
7221| [70724] Debian Security Advisory DSA 2405-1 (apache2)
7222| [70600] FreeBSD Ports: apache
7223| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
7224| [70235] Debian Security Advisory DSA 2298-2 (apache2)
7225| [70233] Debian Security Advisory DSA 2298-1 (apache2)
7226| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
7227| [69338] Debian Security Advisory DSA 2202-1 (apache2)
7228| [67868] FreeBSD Ports: apache
7229| [66816] FreeBSD Ports: apache
7230| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
7231| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
7232| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
7233| [66081] SLES11: Security update for Apache 2
7234| [66074] SLES10: Security update for Apache 2
7235| [66070] SLES9: Security update for Apache 2
7236| [65998] SLES10: Security update for apache2-mod_python
7237| [65893] SLES10: Security update for Apache 2
7238| [65888] SLES10: Security update for Apache 2
7239| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
7240| [65510] SLES9: Security update for Apache 2
7241| [65472] SLES9: Security update for Apache
7242| [65467] SLES9: Security update for Apache
7243| [65450] SLES9: Security update for apache2
7244| [65390] SLES9: Security update for Apache2
7245| [65363] SLES9: Security update for Apache2
7246| [65309] SLES9: Security update for Apache and mod_ssl
7247| [65296] SLES9: Security update for webdav apache module
7248| [65283] SLES9: Security update for Apache2
7249| [65249] SLES9: Security update for Apache 2
7250| [65230] SLES9: Security update for Apache 2
7251| [65228] SLES9: Security update for Apache 2
7252| [65212] SLES9: Security update for apache2-mod_python
7253| [65209] SLES9: Security update for apache2-worker
7254| [65207] SLES9: Security update for Apache 2
7255| [65168] SLES9: Security update for apache2-mod_python
7256| [65142] SLES9: Security update for Apache2
7257| [65136] SLES9: Security update for Apache 2
7258| [65132] SLES9: Security update for apache
7259| [65131] SLES9: Security update for Apache 2 oes/CORE
7260| [65113] SLES9: Security update for apache2
7261| [65072] SLES9: Security update for apache and mod_ssl
7262| [65017] SLES9: Security update for Apache 2
7263| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
7264| [64783] FreeBSD Ports: apache
7265| [64774] Ubuntu USN-802-2 (apache2)
7266| [64653] Ubuntu USN-813-2 (apache2)
7267| [64559] Debian Security Advisory DSA 1834-2 (apache2)
7268| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
7269| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
7270| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
7271| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
7272| [64443] Ubuntu USN-802-1 (apache2)
7273| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
7274| [64423] Debian Security Advisory DSA 1834-1 (apache2)
7275| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
7276| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
7277| [64251] Debian Security Advisory DSA 1816-1 (apache2)
7278| [64201] Ubuntu USN-787-1 (apache2)
7279| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
7280| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
7281| [63565] FreeBSD Ports: apache
7282| [63562] Ubuntu USN-731-1 (apache2)
7283| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
7284| [61185] FreeBSD Ports: apache
7285| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
7286| [60387] Slackware Advisory SSA:2008-045-02 apache
7287| [58826] FreeBSD Ports: apache-tomcat
7288| [58825] FreeBSD Ports: apache-tomcat
7289| [58804] FreeBSD Ports: apache
7290| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
7291| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
7292| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
7293| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
7294| [57335] Debian Security Advisory DSA 1167-1 (apache)
7295| [57201] Debian Security Advisory DSA 1131-1 (apache)
7296| [57200] Debian Security Advisory DSA 1132-1 (apache2)
7297| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
7298| [57145] FreeBSD Ports: apache
7299| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
7300| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
7301| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
7302| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
7303| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
7304| [56067] FreeBSD Ports: apache
7305| [55803] Slackware Advisory SSA:2005-310-04 apache
7306| [55519] Debian Security Advisory DSA 839-1 (apachetop)
7307| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
7308| [55355] FreeBSD Ports: apache
7309| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
7310| [55261] Debian Security Advisory DSA 805-1 (apache2)
7311| [55259] Debian Security Advisory DSA 803-1 (apache)
7312| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
7313| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
7314| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
7315| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
7316| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
7317| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
7318| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
7319| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
7320| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
7321| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
7322| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
7323| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
7324| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
7325| [54439] FreeBSD Ports: apache
7326| [53931] Slackware Advisory SSA:2004-133-01 apache
7327| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
7328| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
7329| [53878] Slackware Advisory SSA:2003-308-01 apache security update
7330| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
7331| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
7332| [53848] Debian Security Advisory DSA 131-1 (apache)
7333| [53784] Debian Security Advisory DSA 021-1 (apache)
7334| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
7335| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
7336| [53735] Debian Security Advisory DSA 187-1 (apache)
7337| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
7338| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
7339| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
7340| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
7341| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
7342| [53282] Debian Security Advisory DSA 594-1 (apache)
7343| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
7344| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
7345| [53215] Debian Security Advisory DSA 525-1 (apache)
7346| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
7347| [52529] FreeBSD Ports: apache+ssl
7348| [52501] FreeBSD Ports: apache
7349| [52461] FreeBSD Ports: apache
7350| [52390] FreeBSD Ports: apache
7351| [52389] FreeBSD Ports: apache
7352| [52388] FreeBSD Ports: apache
7353| [52383] FreeBSD Ports: apache
7354| [52339] FreeBSD Ports: apache+mod_ssl
7355| [52331] FreeBSD Ports: apache
7356| [52329] FreeBSD Ports: ru-apache+mod_ssl
7357| [52314] FreeBSD Ports: apache
7358| [52310] FreeBSD Ports: apache
7359| [15588] Detect Apache HTTPS
7360| [15555] Apache mod_proxy content-length buffer overflow
7361| [15554] Apache mod_include priviledge escalation
7362| [14771] Apache <= 1.3.33 htpasswd local overflow
7363| [14177] Apache mod_access rule bypass
7364| [13644] Apache mod_rootme Backdoor
7365| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
7366| [12280] Apache Connection Blocking Denial of Service
7367| [12239] Apache Error Log Escape Sequence Injection
7368| [12123] Apache Tomcat source.jsp malformed request information disclosure
7369| [12085] Apache Tomcat servlet/JSP container default files
7370| [11438] Apache Tomcat Directory Listing and File disclosure
7371| [11204] Apache Tomcat Default Accounts
7372| [11092] Apache 2.0.39 Win32 directory traversal
7373| [11046] Apache Tomcat TroubleShooter Servlet Installed
7374| [11042] Apache Tomcat DOS Device Name XSS
7375| [11041] Apache Tomcat /servlet Cross Site Scripting
7376| [10938] Apache Remote Command Execution via .bat files
7377| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
7378| [10773] MacOS X Finder reveals contents of Apache Web files
7379| [10766] Apache UserDir Sensitive Information Disclosure
7380| [10756] MacOS X Finder reveals contents of Apache Web directories
7381| [10752] Apache Auth Module SQL Insertion Attack
7382| [10704] Apache Directory Listing
7383| [10678] Apache /server-info accessible
7384| [10677] Apache /server-status accessible
7385| [10440] Check for Apache Multiple / vulnerability
7386#######################################################################################################################################
7387| SecurityTracker - https://www.securitytracker.com:
7388| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
7389| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
7390| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
7391| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
7392| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
7393| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
7394| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
7395| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
7396| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
7397| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
7398| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
7399| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
7400| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
7401| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
7402| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
7403| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
7404| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
7405| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
7406| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
7407| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
7408| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
7409| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
7410| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
7411| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
7412| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
7413| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
7414| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
7415| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
7416| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
7417| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
7418| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
7419| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
7420| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
7421| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
7422| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
7423| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
7424| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
7425| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
7426| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
7427| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
7428| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
7429| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
7430| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
7431| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
7432| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
7433| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
7434| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
7435| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
7436| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
7437| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
7438| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
7439| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
7440| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
7441| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
7442| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
7443| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
7444| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
7445| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
7446| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
7447| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
7448| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
7449| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
7450| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
7451| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
7452| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
7453| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
7454| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
7455| [1024096] Apache mod_proxy_http May Return Results for a Different Request
7456| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
7457| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
7458| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
7459| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
7460| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
7461| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
7462| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
7463| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
7464| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
7465| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
7466| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
7467| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
7468| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
7469| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
7470| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
7471| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
7472| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
7473| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
7474| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
7475| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
7476| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
7477| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
7478| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
7479| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
7480| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
7481| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
7482| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
7483| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
7484| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
7485| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
7486| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
7487| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
7488| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
7489| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
7490| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
7491| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
7492| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
7493| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
7494| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
7495| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
7496| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
7497| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
7498| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
7499| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
7500| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
7501| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
7502| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
7503| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
7504| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
7505| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
7506| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
7507| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
7508| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
7509| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
7510| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
7511| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
7512| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
7513| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
7514| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
7515| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
7516| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
7517| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
7518| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
7519| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
7520| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
7521| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
7522| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
7523| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
7524| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
7525| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
7526| [1008920] Apache mod_digest May Validate Replayed Client Responses
7527| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
7528| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
7529| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
7530| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
7531| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
7532| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
7533| [1008030] Apache mod_rewrite Contains a Buffer Overflow
7534| [1008029] Apache mod_alias Contains a Buffer Overflow
7535| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
7536| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
7537| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
7538| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
7539| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
7540| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
7541| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
7542| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
7543| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
7544| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
7545| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
7546| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
7547| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
7548| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
7549| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
7550| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
7551| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
7552| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
7553| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
7554| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
7555| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
7556| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
7557| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
7558| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
7559| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
7560| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
7561| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
7562| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
7563| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
7564| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
7565| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
7566| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
7567| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
7568| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
7569| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
7570| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
7571| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
7572| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
7573| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
7574| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
7575| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
7576| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
7577| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
7578| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
7579| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
7580| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
7581| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
7582| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
7583| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
7584| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
7585| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
7586| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
7587| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
7588| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
7589| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
7590| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
7591|
7592| OSVDB - http://www.osvdb.org:
7593| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
7594| [96077] Apache CloudStack Global Settings Multiple Field XSS
7595| [96076] Apache CloudStack Instances Menu Display Name Field XSS
7596| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
7597| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
7598| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
7599| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
7600| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
7601| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
7602| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
7603| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
7604| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
7605| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
7606| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
7607| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
7608| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
7609| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
7610| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
7611| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
7612| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
7613| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
7614| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
7615| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
7616| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
7617| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
7618| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
7619| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
7620| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
7621| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
7622| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
7623| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
7624| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
7625| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
7626| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
7627| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
7628| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
7629| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
7630| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
7631| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
7632| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
7633| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
7634| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
7635| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
7636| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
7637| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
7638| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
7639| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
7640| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
7641| [94279] Apache Qpid CA Certificate Validation Bypass
7642| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
7643| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
7644| [94042] Apache Axis JAX-WS Java Unspecified Exposure
7645| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
7646| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
7647| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
7648| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
7649| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
7650| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
7651| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
7652| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
7653| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
7654| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
7655| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
7656| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
7657| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
7658| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
7659| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
7660| [93541] Apache Solr json.wrf Callback XSS
7661| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
7662| [93521] Apache jUDDI Security API Token Session Persistence Weakness
7663| [93520] Apache CloudStack Default SSL Key Weakness
7664| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
7665| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
7666| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
7667| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
7668| [93515] Apache HBase table.jsp name Parameter XSS
7669| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
7670| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
7671| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
7672| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
7673| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
7674| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
7675| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
7676| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
7677| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
7678| [93252] Apache Tomcat FORM Authenticator Session Fixation
7679| [93172] Apache Camel camel/endpoints/ Endpoint XSS
7680| [93171] Apache Sling HtmlResponse Error Message XSS
7681| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
7682| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
7683| [93168] Apache Click ErrorReport.java id Parameter XSS
7684| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
7685| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
7686| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
7687| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
7688| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
7689| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
7690| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
7691| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
7692| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
7693| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
7694| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
7695| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
7696| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
7697| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
7698| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
7699| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
7700| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
7701| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
7702| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
7703| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
7704| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
7705| [93144] Apache Solr Admin Command Execution CSRF
7706| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
7707| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
7708| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
7709| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
7710| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
7711| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
7712| [92748] Apache CloudStack VM Console Access Restriction Bypass
7713| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
7714| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
7715| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
7716| [92706] Apache ActiveMQ Debug Log Rendering XSS
7717| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
7718| [92270] Apache Tomcat Unspecified CSRF
7719| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
7720| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
7721| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
7722| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
7723| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
7724| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
7725| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
7726| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
7727| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
7728| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
7729| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
7730| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
7731| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
7732| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
7733| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
7734| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
7735| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
7736| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
7737| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
7738| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
7739| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
7740| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
7741| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
7742| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
7743| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
7744| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
7745| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
7746| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
7747| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
7748| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
7749| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
7750| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
7751| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
7752| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
7753| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
7754| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
7755| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
7756| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
7757| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
7758| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
7759| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
7760| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
7761| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
7762| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
7763| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
7764| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
7765| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
7766| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
7767| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
7768| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
7769| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
7770| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
7771| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
7772| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
7773| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
7774| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
7775| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
7776| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
7777| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
7778| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
7779| [86901] Apache Tomcat Error Message Path Disclosure
7780| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
7781| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
7782| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
7783| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
7784| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
7785| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
7786| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
7787| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
7788| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
7789| [85430] Apache mod_pagespeed Module Unspecified XSS
7790| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
7791| [85249] Apache Wicket Unspecified XSS
7792| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
7793| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
7794| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
7795| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
7796| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
7797| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
7798| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
7799| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
7800| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
7801| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
7802| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
7803| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
7804| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
7805| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
7806| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
7807| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
7808| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
7809| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
7810| [83339] Apache Roller Blogger Roll Unspecified XSS
7811| [83270] Apache Roller Unspecified Admin Action CSRF
7812| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
7813| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
7814| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
7815| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
7816| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
7817| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
7818| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
7819| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
7820| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
7821| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
7822| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
7823| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
7824| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
7825| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
8246| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
8247| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
8248| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
8249| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
8250| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
8251| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
8252| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
8253| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
8254| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
8255| [40262] Apache HTTP Server mod_status refresh XSS
8256| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
8257| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
8258| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
8259| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
8260| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
8261| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
8262| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
8263| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
8264| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
8265| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
8266| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
8267| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
8268| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
8269| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
8270| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
8271| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
8272| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
8273| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
8274| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
8549#######################################################################################################################################
8550113/tcp closed ident conn-refused
8551139/tcp closed netbios-ssn conn-refused
8552443/tcp open ssl/http syn-ack Apache httpd
8553|_http-server-header: Apache
8554| vulscan: VulDB - https://vuldb.com:
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133750] Oracle Agile Recipe Management for Pharmaceuticals 9.3.3/9.3.4 Apache Commons FileUpload unknown vulnerability
| [133728] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
| [133644] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [133643] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache HTTP Server denial of service
| [133640] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Commons FileUpload unknown vulnerability
| [133638] Oracle Healthcare Master Person Index 3.0/4.0 Apache Commons FileUpload unknown vulnerability
| [133614] Oracle Data Integrator 12.2.1.3.0 Apache Batik unknown vulnerability
| [133594] Oracle WebCenter Portal 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [133591] Oracle JDeveloper 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [133590] Oracle Identity Analytics 11.1.1.5.8 Apache Commons FileUpload unknown vulnerability
| [133588] Oracle Endeca Information Discovery Integrator 3.2.0 Apache Commons FileUpload unknown vulnerability
| [133587] Oracle Data Integrator 11.1.1.9.0 Apache Groovy unknown vulnerability
| [133585] Oracle API Gateway 11.1.2.4.0 Apache Commons FileUpload unknown vulnerability
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133571] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache Commons FileUpload unknown vulnerability
| [133522] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache Tomcat unknown vulnerability
| [133520] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache HTTP Server denial of service
| [133518] Oracle Primavera Unifier up to 18.8 Apache Commons FileUpload unknown vulnerability
| [133508] Oracle Communications Instant Messaging Server 10.0.1 Apache Tomcat unknown vulnerability
| [133501] Oracle Communications Policy Management 12.1/12.2/12.3/12.4 Apache Struts 1 unknown vulnerability
| [133500] Oracle Communications Application Session Controller 3.7.1/3.8.0 Apache Tomcat unknown vulnerability
| [133493] Oracle Communications Pricing Design Center 11.1/12.0 Apache Log4j unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
8649| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
8650| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
8651| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
8652| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
8653| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
8654| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
8655| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
8656| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
8657| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
8658| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
8659| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
8660| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
8661| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
8662| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
8663| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
8664| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
8665| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
8666| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
8667| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
8668| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
8669| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
8670| [127007] Apache Spark Request Code Execution
8671| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
8672| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
8673| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
8674| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
8675| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
8676| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
8677| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
8678| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
8679| [126346] Apache Tomcat Path privilege escalation
8680| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
8681| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
8682| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
8683| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
8684| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
8685| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
8686| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
8687| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
8688| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
8689| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
8690| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
8691| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
8692| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
8693| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
8694| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
8695| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
8696| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
8697| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
8698| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
8699| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
8700| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
8701| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
8702| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
8703| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
8704| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
8705| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
8706| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
8707| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
8708| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
8709| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
8710| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
8711| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
8712| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
8713| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
8714| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
8715| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
8716| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
8717| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
8718| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
8719| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
8720| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
8721| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
8722| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
8723| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
8724| [123197] Apache Sentry up to 2.0.0 privilege escalation
8725| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
8726| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
8727| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
8728| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
8729| [122800] Apache Spark 1.3.0 REST API weak authentication
8730| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
8731| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
8732| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
8733| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
8734| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
8735| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
8736| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
8737| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
8738| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
8739| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
8740| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
8741| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
8742| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
8743| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
8744| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
8745| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
8746| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
8747| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
8748| [121354] Apache CouchDB HTTP API Code Execution
8749| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
8750| [121143] Apache storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
8751| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
8752| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
8753| [120168] Apache CXF weak authentication
8754| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
8755| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
8756| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
8757| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
8758| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
8759| [119306] Apache MXNet Network Interface privilege escalation
8760| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
8761| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
8762| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
8763| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
8764| [118143] Apache NiFi activemq-client Library Deserialization denial of service
8765| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
8766| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
8767| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
8768| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
8769| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
8770| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
8771| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
8772| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
8773| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
8774| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
8775| [117115] Apache Tika up to 1.17 tika-server command injection
8776| [116929] Apache Fineract getReportType Parameter privilege escalation
8777| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
8778| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
8779| [116926] Apache Fineract REST Hand Parameter privilege escalation
8780| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
8781| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
8782| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
8783| [115883] Apache Hive up to 2.3.2 privilege escalation
8784| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
8785| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
8786| [115518] Apache Ignite 2.3 Deserialization privilege escalation
8787| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
8788| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
8789| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
8790| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
8791| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
8792| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
8793| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
8794| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
8795| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
8796| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
8797| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
8798| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
8799| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
8800| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
8801| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
8802| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
8803| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
8804| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
8805| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
8806| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
8807| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
8808| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
8809| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
8810| [113895] Apache Geode up to 1.3.x Code Execution
8811| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
8812| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
8813| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
8814| [113747] Apache Tomcat Servlets privilege escalation
8815| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
8816| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
8817| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
8818| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
8819| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
8820| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
8821| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
8822| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
8823| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
8824| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
8825| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
8826| [112885] Apache Allura up to 1.8.0 File information disclosure
8827| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
8828| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
8829| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
8830| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
8831| [112625] Apache POI up to 3.16 Loop denial of service
8832| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
8833| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
8834| [112339] Apache NiFi 1.5.0 Header privilege escalation
8835| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
8836| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
8837| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
8838| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
8839| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
8840| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
8841| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
8842| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
8843| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
8844| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
8845| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
8846| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
8847| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
8848| [112114] Oracle 9.1 Apache Log4j privilege escalation
8849| [112113] Oracle 9.1 Apache Log4j privilege escalation
8850| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
8851| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
8852| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
8853| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
8854| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
8855| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
8856| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
8857| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
8858| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
8859| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
8860| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
8861| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
8862| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
8863| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
8864| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
8865| [110701] Apache Fineract Query Parameter sql injection
8866| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
8867| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
8868| [110393] Apple macOS up to 10.13.2 apache information disclosure
8869| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
8870| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
8871| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
8872| [110106] Apache CXF Fediz Spring cross site request forgery
8873| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
8874| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
8875| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
8876| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
8877| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
8878| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
8879| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
8880| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
8881| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
8882| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
8883| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
8884| [108938] Apple macOS up to 10.13.1 apache denial of service
8885| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
8886| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
8887| [108935] Apple macOS up to 10.13.1 apache denial of service
8888| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
8889| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
8890| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
8891| [108931] Apple macOS up to 10.13.1 apache denial of service
8892| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
8893| [108929] Apple macOS up to 10.13.1 apache denial of service
8894| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
8895| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
8896| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
8897| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
8898| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
8899| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
8900| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
8901| [108790] Apache storm 0.9.0.1 Log Viewer directory traversal
8902| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
8903| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
8904| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
8905| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
8906| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
8907| [108782] Apache Xerces2 XML Service denial of service
8908| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
8909| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
8910| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
8911| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
8912| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
8913| [108629] Apache OFBiz up to 10.04.01 privilege escalation
8914| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
8915| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
8916| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
8917| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
8918| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
8919| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
8920| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
8921| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
8922| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
8923| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
8924| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
8925| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
8926| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
8927| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
8928| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
8929| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
8930| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
8931| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
8932| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
8933| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
8934| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
8935| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
8936| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
8937| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
8938| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
8939| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
8940| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
8941| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
8942| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
8943| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
8944| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
8945| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
8946| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
8947| [107639] Apache NiFi 1.4.0 XML External Entity
8948| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
8949| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
8950| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
8951| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
8952| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
8953| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
8954| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
8955| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
8956| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
8957| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
8958| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
8959| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
8960| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
8961| [107197] Apache Xerces Jelly Parser XML File XML External Entity
8962| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
8963| [107084] Apache Struts up to 2.3.19 cross site scripting
8964| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
8965| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
8966| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
8967| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
8968| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
8969| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
8970| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
8971| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
8972| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
8973| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
8974| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
8975| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
8976| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
8977| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
8978| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
8979| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
8980| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
8981| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
8982| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
8983| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
8984| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
8985| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
8986| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
8987| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
8988| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
8989| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
8990| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
8991| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
8992| [105878] Apache Struts up to 2.3.24.0 privilege escalation
8993| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
8994| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
8995| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
8996| [105643] Apache Pony Mail up to 0.8b weak authentication
8997| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
8998| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
8999| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
9000| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
9001| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
9002| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
9003| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
9004| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
9005| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
9006| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
9007| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
9008| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
9009| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
9010| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
9011| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
9012| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
9013| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
9014| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
9015| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
9016| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
9017| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
9018| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
9019| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
9020| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
9021| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
9022| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
9023| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
9024| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
9025| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
9026| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
9027| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
9028| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
9029| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
9030| [103690] Apache OpenMeetings 1.0.0 sql injection
9031| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
9032| [103688] Apache OpenMeetings 1.0.0 weak encryption
9033| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
9034| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
9035| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
9036| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
9037| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
9038| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
9039| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
9040| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
9041| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
9042| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
9043| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
9044| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
9045| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
9046| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
9047| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
9048| [103352] Apache Solr Node weak authentication
9049| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
9050| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
9051| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
9052| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
9053| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
9054| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
9055| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
9056| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
9057| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
9058| [102536] Apache Ranger up to 0.6 Stored cross site scripting
9059| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
9060| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
9061| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
9062| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
9063| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
9064| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
9065| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
9066| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
9067| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
9068| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
9069| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
9070| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
9071| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
9072| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
9073| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
9074| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
9075| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
9076| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
9077| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
9078| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
9079| [99937] Apache Batik up to 1.8 privilege escalation
9080| [99936] Apache FOP up to 2.1 privilege escalation
9081| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
9082| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
9083| [99930] Apache Traffic Server up to 6.2.0 denial of service
9084| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
9085| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
9086| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
9087| [117569] Apache Hadoop up to 2.7.3 privilege escalation
9088| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
9089| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
9090| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
9091| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
9092| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
9093| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
9094| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
9095| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
9096| [99014] Apache Camel Jackson/JacksonXML privilege escalation
9097| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
9098| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
9099| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
9100| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
9101| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
9102| [98605] Apple macOS up to 10.12.3 Apache denial of service
9103| [98604] Apple macOS up to 10.12.3 Apache denial of service
9104| [98603] Apple macOS up to 10.12.3 Apache denial of service
9105| [98602] Apple macOS up to 10.12.3 Apache denial of service
9106| [98601] Apple macOS up to 10.12.3 Apache denial of service
9107| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
9108| [98405] Apache Hadoop up to 0.23.10 privilege escalation
9109| [98199] Apache Camel Validation XML External Entity
9110| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
9111| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
9112| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
9113| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
9114| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
9115| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
9116| [97081] Apache Tomcat HTTPS Request denial of service
9117| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
9118| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
9119| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
9120| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
9121| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
9122| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
9123| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
9124| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
9125| [95311] Apache storm UI Daemon privilege escalation
9126| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
9127| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
9128| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
9129| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
9130| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
9131| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
9132| [94540] Apache Tika 1.9 tika-server File information disclosure
9133| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
9134| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
9135| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
9136| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
9137| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
9138| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
9139| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
9140| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
9141| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
9142| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
9143| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
9144| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
9145| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
9146| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
9147| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
9148| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
9149| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
9150| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
9151| [93532] Apache Commons Collections Library Java privilege escalation
9152| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
9153| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
9154| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
9155| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
9156| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
9157| [93098] Apache Commons FileUpload privilege escalation
9158| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
9159| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
9160| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
9161| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
9162| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
9163| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
9164| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
9165| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
9166| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
9167| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
9168| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
9169| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
9170| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
9171| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
9172| [92549] Apache Tomcat on Red Hat privilege escalation
9173| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
9174| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
9175| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
9176| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
9177| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
9178| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
9179| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
9180| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
9181| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
9182| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
9183| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
9184| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
9185| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
9186| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
9187| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
9188| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
9189| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
9190| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
9191| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
9192| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
9193| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
9194| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
9195| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
9196| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
9197| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
9198| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
9199| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
9200| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
9201| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
9202| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
9203| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
9204| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
9205| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
9206| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
9207| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
9208| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
9209| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
9210| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
9211| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
9212| [90263] Apache Archiva Header denial of service
9213| [90262] Apache Archiva Deserialize privilege escalation
9214| [90261] Apache Archiva XML DTD Connection privilege escalation
9215| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
9216| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
9217| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
9218| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
9219| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
9220| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
9221| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
9222| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
9223| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
9224| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
9225| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
9226| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
9227| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
9228| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
9229| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
9230| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
9231| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
9232| [87765] Apache James Server 2.3.2 Command privilege escalation
9233| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
9234| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
9235| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
9236| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
9237| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
9238| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
9239| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
9240| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
9241| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
9242| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
9243| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
9244| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
9245| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
9246| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
9247| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
9248| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
9249| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
9250| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
9251| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
9252| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
9253| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
9254| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
9255| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
9256| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
9257| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
9258| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
9259| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
9260| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
9261| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
9262| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
9263| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
9264| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
9265| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
9266| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
9267| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
9268| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
9269| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
9270| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
9271| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
9272| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
9273| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
9274| [82076] Apache Ranger up to 0.5.1 privilege escalation
9275| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
9276| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
9277| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
9278| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
9279| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
9280| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
9281| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
9282| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
9283| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
9284| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
9285| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
9286| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
9287| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
9288| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
9289| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
9290| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
9291| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
9292| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
9293| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
9294| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
9295| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
9296| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
9297| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
9298| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
9299| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
9300| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
9301| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
9302| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
9303| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
9304| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
9305| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
9306| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
9307| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
9308| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
9309| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
9310| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
9311| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
9312| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
9313| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
9314| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
9315| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
9316| [79791] Cisco Products Apache Commons Collections Library privilege escalation
9317| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
9318| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
9319| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
9320| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
9321| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
9322| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
9323| [78989] Apache Ambari up to 2.1.1 Open Redirect
9324| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
9325| [78987] Apache Ambari up to 2.0.x cross site scripting
9326| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
9327| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
9328| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
9329| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9330| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9331| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9332| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9333| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9334| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
9335| [77406] Apache Flex BlazeDS AMF Message XML External Entity
9336| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
9337| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
9338| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
9339| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
9340| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
9341| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
9342| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
9343| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
9344| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
9345| [76567] Apache Struts 2.3.20 unknown vulnerability
9346| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
9347| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
9348| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
9349| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
9350| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
9351| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
9352| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
9353| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
9354| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
9355| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
9356| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
9357| [74793] Apache Tomcat File Upload denial of service
9358| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
9359| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
9360| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
9361| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
9362| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
9363| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
9364| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
9365| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
9366| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
9367| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
9368| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
9369| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
9370| [74468] Apache Batik up to 1.6 denial of service
9371| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
9372| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
9373| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
9374| [74174] Apache WSS4J up to 2.0.0 privilege escalation
9375| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
9376| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
9377| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
9378| [73731] Apache XML Security unknown vulnerability
9379| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
9380| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
9381| [73593] Apache Traffic Server up to 5.1.0 denial of service
9382| [73511] Apache POI up to 3.10 Deadlock denial of service
9383| [73510] Apache Solr up to 4.3.0 cross site scripting
9384| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
9385| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
9386| [73173] Apache CloudStack Stack-Based unknown vulnerability
9387| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
9388| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
9389| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
9390| [72890] Apache Qpid 0.30 unknown vulnerability
9391| [72887] Apache Hive 0.13.0 File Permission privilege escalation
9392| [72878] Apache Cordova 3.5.0 cross site request forgery
9393| [72877] Apache Cordova 3.5.0 cross site request forgery
9394| [72876] Apache Cordova 3.5.0 cross site request forgery
9395| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
9396| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
9397| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
9398| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
9399| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
9400| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
9401| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
9402| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
9403| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
9404| [71629] Apache Axis2/C spoofing
9405| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
9406| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
9407| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
9408| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
9409| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
9410| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
9411| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
9412| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
9413| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
9414| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
9415| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
9416| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
9417| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
9418| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
9419| [70809] Apache POI up to 3.11 Crash denial of service
9420| [70808] Apache POI up to 3.10 unknown vulnerability
9421| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
9422| [70749] Apache Axis up to 1.4 getCN spoofing
9423| [70701] Apache Traffic Server up to 3.3.5 denial of service
9424| [70700] Apache OFBiz up to 12.04.03 cross site scripting
9425| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
9426| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
9427| [70661] Apache Subversion up to 1.6.17 denial of service
9428| [70660] Apache Subversion up to 1.6.17 spoofing
9429| [70659] Apache Subversion up to 1.6.17 spoofing
9430| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
9431| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
9432| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
9433| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
9434| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
9435| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
9436| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
9437| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
9438| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
9439| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
9440| [69846] Apache HBase up to 0.94.8 information disclosure
9441| [69783] Apache CouchDB up to 1.2.0 memory corruption
9442| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
9443| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
9444| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
9445| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
9446| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
9447| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
9448| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
9449| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
9450| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
9451| [69431] Apache Archiva up to 1.3.6 cross site scripting
9452| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
9453| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
9454| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
9455| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
9457| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
9458| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
9459| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
9460| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
9461| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
9462| [66739] Apache Camel up to 2.12.2 unknown vulnerability
9463| [66738] Apache Camel up to 2.12.2 unknown vulnerability
9464| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
9465| [66695] Apache CouchDB up to 1.2.0 cross site scripting
9466| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
9467| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
9468| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
9469| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
9470| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
9471| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
9472| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
9473| [66356] Apache Wicket up to 6.8.0 information disclosure
9474| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
9475| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
9476| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
9477| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
9478| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
9479| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
9480| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
9481| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
9482| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
9483| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
9484| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
9485| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
9486| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
9487| [65668] Apache Solr 4.0.0 Updater denial of service
9488| [65665] Apache Solr up to 4.3.0 denial of service
9489| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
9490| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
9491| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
9492| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
9493| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
9494| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
9495| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
9496| [65410] Apache Struts 2.3.15.3 cross site scripting
9497| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
9498| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
9499| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
9500| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
9501| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
9502| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
9503| [65340] Apache Shindig 2.5.0 information disclosure
9504| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
9505| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
9506| [10826] Apache Struts 2 File privilege escalation
9507| [65204] Apache Camel up to 2.10.1 unknown vulnerability
9508| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
9509| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
9510| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
9511| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
9512| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
9513| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
9514| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
9515| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
9516| [64722] Apache XML Security for C++ Heap-based memory corruption
9517| [64719] Apache XML Security for C++ Heap-based memory corruption
9518| [64718] Apache XML Security for C++ verify denial of service
9519| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
9520| [64716] Apache XML Security for C++ spoofing
9521| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
9522| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
9523| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
9524| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
9525| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
9526| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
9527| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
9528| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
9529| [64485] Apache Struts up to 2.2.3.0 privilege escalation
9530| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
9531| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
9532| [64467] Apache Geronimo 3.0 memory corruption
9533| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
9534| [64457] Apache Struts up to 2.2.3.0 cross site scripting
9535| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
9536| [9184] Apache Qpid up to 0.20 SSL misconfiguration
9537| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
9538| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
9539| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
9540| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
9541| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
9542| [8873] Apache Struts 2.3.14 privilege escalation
9543| [8872] Apache Struts 2.3.14 privilege escalation
9544| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
9545| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
9546| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
9547| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
9548| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
9549| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
9550| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
9551| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
9552| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
9553| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
9554| [64006] Apache ActiveMQ up to 5.7.0 denial of service
9555| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
9556| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
9557| [8427] Apache Tomcat Session Transaction weak authentication
9558| [63960] Apache Maven 3.0.4 Default Configuration spoofing
9559| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
9560| [63750] Apache qpid up to 0.20 checkAvailable denial of service
9561| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
9562| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
9563| [63747] Apache Rave up to 0.20 User Account information disclosure
9564| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
9565| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
9566| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
9567| [7687] Apache CXF up to 2.7.2 Token weak authentication
9568| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
9569| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
9570| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
9571| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
9572| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
9573| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
9574| [63090] Apache Tomcat up to 4.1.24 denial of service
9575| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
9576| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
9577| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
9578| [62833] Apache CXF -/2.6.0 spoofing
9579| [62832] Apache Axis2 up to 1.6.2 spoofing
9580| [62831] Apache Axis up to 1.4 Java Message Service spoofing
9581| [62830] Apache Commons-httpclient 3.0 Payments spoofing
9582| [62826] Apache Libcloud up to 0.11.0 spoofing
9583| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
9584| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
9585| [62661] Apache Axis2 unknown vulnerability
9586| [62658] Apache Axis2 unknown vulnerability
9587| [62467] Apache Qpid up to 0.17 denial of service
9588| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
9589| [6301] Apache HTTP Server mod_pagespeed cross site scripting
9590| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
9591| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
9592| [62035] Apache Struts up to 2.3.4 denial of service
9593| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
9594| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
9595| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
9596| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
9597| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
9598| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
9599| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
9600| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
9601| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
9602| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
9603| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
9604| [61229] Apache Sling up to 2.1.1 denial of service
9605| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
9606| [61094] Apache Roller up to 5.0 cross site scripting
9607| [61093] Apache Roller up to 5.0 cross site request forgery
9608| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
9609| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
9610| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
9611| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
9612| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
9613| [60708] Apache Qpid 0.12 unknown vulnerability
9614| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
9615| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
9616| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
9617| [4882] Apache Wicket up to 1.5.4 directory traversal
9618| [4881] Apache Wicket up to 1.4.19 cross site scripting
9619| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
9620| [60352] Apache Struts up to 2.2.3 memory corruption
9621| [60153] Apache Portable Runtime up to 1.4.3 denial of service
9622| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
9623| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
9624| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
9625| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
9626| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
9627| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
9628| [4571] Apache Struts up to 2.3.1.2 privilege escalation
9629| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
9630| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
9631| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
9632| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
9633| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
9634| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
9635| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
9636| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
9637| [59888] Apache Tomcat up to 6.0.6 denial of service
9638| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
9639| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
9640| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
9641| [59850] Apache Geronimo up to 2.2.1 denial of service
9642| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
9643| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
9644| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
9645| [58413] Apache Tomcat up to 6.0.10 spoofing
9646| [58381] Apache Wicket up to 1.4.17 cross site scripting
9647| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
9648| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
9649| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
9650| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
9651| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
9652| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
9653| [57568] Apache Archiva up to 1.3.4 cross site scripting
9654| [57567] Apache Archiva up to 1.3.4 cross site request forgery
9655| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
9656| [4355] Apache HTTP Server APR apr_fnmatch denial of service
9657| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
9658| [57425] Apache Struts up to 2.2.1.1 cross site scripting
9659| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
9660| [57025] Apache Tomcat up to 7.0.11 information disclosure
9661| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
9662| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
9663| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
9664| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
9665| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
9666| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
9667| [56512] Apache Continuum up to 1.4.0 cross site scripting
9668| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
9669| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
9670| [4283] Apache Tomcat 5.x ServletContect privilege escalation
9671| [56441] Apache Tomcat up to 7.0.6 denial of service
9672| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
9673| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
9674| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
9675| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
9676| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
9677| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
9678| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
9679| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
9680| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
9681| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
9682| [54693] Apache Traffic Server DNS Cache unknown vulnerability
9683| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
9684| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
9685| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
9686| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
9687| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
9688| [54012] Apache Tomcat up to 6.0.10 denial of service
9689| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
9690| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
9691| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
9692| [52894] Apache Tomcat up to 6.0.7 information disclosure
9693| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
9694| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
9695| [52786] Apache Open For Business Project up to 09.04 cross site scripting
9696| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
9697| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
9698| [52584] Apache CouchDB up to 0.10.1 information disclosure
9699| [51757] Apache HTTP Server 2.0.44 cross site scripting
9700| [51756] Apache HTTP Server 2.0.44 spoofing
9701| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
9702| [51690] Apache Tomcat up to 6.0 directory traversal
9703| [51689] Apache Tomcat up to 6.0 information disclosure
9704| [51688] Apache Tomcat up to 6.0 directory traversal
9705| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
9706| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
9707| [50626] Apache Solr 1.0.0 cross site scripting
9708| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
9709| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
9710| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
9711| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
9712| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
9713| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
9714| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
9715| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
9716| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
9717| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
9718| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
9719| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
9720| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
9721| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
9722| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
9723| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
9724| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
9725| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
9726| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
9727| [47214] Apachefriends xampp 1.6.8 spoofing
9728| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
9729| [47162] Apachefriends XAMPP 1.4.4 weak authentication
9730| [47065] Apache Tomcat 4.1.23 cross site scripting
9731| [46834] Apache Tomcat up to 5.5.20 cross site scripting
9732| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
9733| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
9734| [86625] Apache Struts directory traversal
9735| [44461] Apache Tomcat up to 5.5.0 information disclosure
9736| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
9737| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
9738| [43663] Apache Tomcat up to 6.0.16 directory traversal
9739| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
9740| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
9741| [43516] Apache Tomcat up to 4.1.20 directory traversal
9742| [43509] Apache Tomcat up to 6.0.13 cross site scripting
9743| [42637] Apache Tomcat up to 6.0.16 cross site scripting
9744| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
9745| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
9746| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
9747| [40924] Apache Tomcat up to 6.0.15 information disclosure
9748| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
9749| [40922] Apache Tomcat up to 6.0 information disclosure
9750| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
9751| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
9752| [40656] Apache Tomcat 5.5.20 information disclosure
9753| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
9754| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
9755| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
9756| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
9757| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
9758| [40234] Apache Tomcat up to 6.0.15 directory traversal
9759| [40221] Apache HTTP Server 2.2.6 information disclosure
9760| [40027] David Castro Apache Authcas 0.4 sql injection
9761| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
9762| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
9763| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
9764| [39489] Apache Jakarta Slide up to 2.1 directory traversal
9765| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
9766| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
9767| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
9768| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
9769| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
9770| [38524] Apache Geronimo 2.0 unknown vulnerability
9771| [3256] Apache Tomcat up to 6.0.13 cross site scripting
9772| [38331] Apache Tomcat 4.1.24 information disclosure
9773| [38330] Apache Tomcat 4.1.24 information disclosure
9774| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
9775| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
9776| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
9777| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
9778| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
9779| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
9780| [37292] Apache Tomcat up to 5.5.1 cross site scripting
9781| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
9782| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
9783| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
9784| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
9785| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
9786| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
9787| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
9788| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
9789| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
9790| [36225] XAMPP Apache Distribution 1.6.0a sql injection
9791| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
9792| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
9793| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
9794| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
9795| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
9796| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
9797| [34252] Apache HTTP Server denial of service
9798| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
9799| [33877] Apache Opentaps 0.9.3 cross site scripting
9800| [33876] Apache Open For Business Project unknown vulnerability
9801| [33875] Apache Open For Business Project cross site scripting
9802| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
9803| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
9804| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
9805| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
9806| [31663] vbPortal Apache HTTP Server index.php directory traversal
9807| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
9808| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
9809| [30623] Apache James 2.2.0 SMTP Server denial of service
9810| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
9811#######################################################################################################################################
9812| MITRE CVE - https://cve.mitre.org:
9813| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
9814| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
9815| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
9816| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
9817| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
9818| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
9819| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
9820| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
9821| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
9822| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
9823| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
9824| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
9825| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
9826| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
9827| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
9828| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
9829| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
9830| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
9831| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
9832| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
9833| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
9834| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
9835| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
9836| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
9837| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
9838| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
9839| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
9840| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
9841| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
9842| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
9843| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9844| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
9845| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
9846| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
9847| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
9848| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
9849| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
9850| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
9851| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
9852| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
9853| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
9854| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9855| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9856| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9857| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9858| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
9859| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
9860| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
9861| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
9862| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
9863| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
9864| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
9865| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
9866| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
9867| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
9868| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
9869| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
9870| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
9871| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
9872| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
9873| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
9874| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
9875| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
9876| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
9877| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9878| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
9879| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
9880| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
9881| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
9882| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
9883| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
9884| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
9885| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
9886| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
9887| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
9888| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
9889| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
9890| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
9891| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
9892| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
9893| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
9894| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
9895| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
9896| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
9897| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
9898| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
9899| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
9900| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
9901| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
9902| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
9903| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
9904| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
9905| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
9906| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
9907| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
9908| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
9909| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
9910| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
9911| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
9912| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
9913| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
9914| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
9915| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
9916| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
9917| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
9918| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
9919| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
9920| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
9921| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
9922| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
9923| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
9924| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
9925| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
9926| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
9927| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
9928| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
9929| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
9930| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
9931| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
9932| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
9933| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
9934| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
9935| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
9936| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
9937| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
9938| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
9939| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
9940| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
9941| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
9942| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
9943| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
9944| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
9945| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
9946| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
9947| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
9948| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
9949| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
9950| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
9951| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
9952| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
9953| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
9954| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
9955| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
9956| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
9957| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
9958| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
9959| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
9960| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
9961| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
9962| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
9963| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
9964| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
9965| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
9966| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
9967| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
9968| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
9969| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
9970| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
9971| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
9972| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
9973| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
9974| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
9975| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
9976| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9977| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
9978| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
9979| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
9980| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
9981| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
9982| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
9983| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
9984| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
9985| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
9986| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
9987| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
9988| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
9989| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
9990| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
9991| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
9992| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9993| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
9994| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
9995| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
9996| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
9997| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
9998| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
9999| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
10000| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
10001| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
10002| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
10003| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
10004| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
10005| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
10006| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
10007| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
10008| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
10009| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
10010| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
10011| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
10012| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
10013| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
10014| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
10015| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
10016| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
10017| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
10018| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
10019| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
10020| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
10021| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
10022| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
10023| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
10024| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
10025| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
10026| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
10027| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
10028| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
10029| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
10030| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
10031| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
10032| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
10033| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10034| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
10035| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
10036| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
10037| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
10038| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
10039| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
10040| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
10041| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
10042| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
10043| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
10044| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
10045| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
10046| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
10047| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
10048| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
10049| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
10050| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
10051| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
10052| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
10053| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
10054| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
10055| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
10056| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
10057| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
10058| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
10059| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
10060| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
10061| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
10062| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
10063| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
10064| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
10065| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
10066| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
10067| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
10068| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
10069| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
10070| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
10071| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
10072| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
10073| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
10074| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
10075| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
10076| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
10077| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
10078| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
10079| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
10080| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
10081| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
10082| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
10083| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
10084| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
10085| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
10086| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
10087| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
10088| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
10089| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
10090| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
10091| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
10092| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
10093| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
10094| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
10095| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
10096| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
10097| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
10098| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
10099| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
10100| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
10101| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
10102| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
10103| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
10104| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
10105| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
10106| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
10107| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
10108| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
10109| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
10110| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
10111| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
10112| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
10113| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
10114| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
10115| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
10116| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
10117| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
10118| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10119| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
10120| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
10121| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
10122| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
10123| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
10124| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
10125| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
10126| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
10127| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
10128| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
10129| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
10130| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
10131| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
10132| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10133| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
10134| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
10135| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
10136| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
10137| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
10138| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
10139| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
10140| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
10141| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
10142| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
10143| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
10144| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
10145| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
10146| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
10147| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
10148| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
10149| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
10150| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
10151| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
10152| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
10153| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
10154| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
10155| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
10156| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
10157| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
10158| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
10159| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
10160| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
10161| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
10162| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
10163| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
10164| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
10165| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10166| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
10167| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
10168| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
10169| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
10170| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
10171| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
10172| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
10173| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
10174| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
10175| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
10176| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
10177| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
10178| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
10179| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10180| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10181| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
10182| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
10183| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
10184| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
10185| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
10186| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
10187| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
10188| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10189| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
10190| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10191| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
10192| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
10193| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
10194| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10195| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
10196| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10197| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
10198| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
10199| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10200| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
10201| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
10202| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
10203| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
10204| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
10205| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
10206| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
10207| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
10208| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10209| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
10210| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
10211| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
10212| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
10213| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
10214| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
10215| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
10216| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
10217| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
10218| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
10219| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
10220| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
10221| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
10222| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
10223| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
10224| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
10225| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
10226| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
10227| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
10228| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
10229| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
10230| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10231| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10232| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
10233| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
10234| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
10235| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
10236| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
10237| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
10238| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
10239| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
10240| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
10241| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
10242| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
10243| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
10244| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
10245| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
10246| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
10247| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
10248| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
10249| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
10250| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
10251| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
10252| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
10253| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
10254| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
10255| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
10256| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
10257| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
10258| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
10259| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
10260| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
10261| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
10262| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
10263| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
10264| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
10265| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
10266| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
10267| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
10268| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
10269| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
10270| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
10271| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
10272| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
10273| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
10274| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
10275| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
10276| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
10277| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
10278| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
10279| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
10280| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
10281| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
10282| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
10283| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
10284| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
10285| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
10286| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
10287| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
10288| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
10289| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
10290| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
10291| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
10292| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
10293| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
10294| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
10295| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
10296| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
10297| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
10298| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
10299| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
10300| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10301| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10302| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
10303| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
10304| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
10305| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
10306| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
10307| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
10308| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
10309| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
10310| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
10311| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
10312| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
10313| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
10314| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
10315| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
10316| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
10317| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
10318| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
10319| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
10320| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
10321| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
10322| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
10323| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
10324| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
10325| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
10326| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
10327| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
10328| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
10329| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
10330| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
10331| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
10332| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
10333| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
10334| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
10335| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
10336| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
10337| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
10338| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
10339| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
10340| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
10341| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
10342| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
10343| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
10344| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
10345| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
10346| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
10347| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
10348| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
10349| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
10350| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
10351| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
10352| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
10353| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
10354| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
10355| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
10356| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
10357| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
10358| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
10359| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
10360| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
10361| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
10362| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
10363| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
10364| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
10365| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
10366| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
10367| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
10368| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
10369| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
10370| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
10371| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
10372| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
10373| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
10374| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
10375| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
10376| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
10377| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
10378| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
10379| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
10380| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
10381| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
10382| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
10383| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
10384| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
10385| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
10386| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
10387| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
10388| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
10389| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
10390| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
10391| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
10392| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
10393| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
10394| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
10395| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
10396| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
10397| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
10398| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
10399| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
10400| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
10401| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
10402| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
10403| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
10404| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
10405| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
10406| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
10407| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
10408| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
10409| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
10410| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
10411| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
10412| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
10413| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
10414| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
10415| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
10416| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
10417| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
10418| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
10419| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
10420| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
10421| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
10422#######################################################################################################################################
10423| SecurityFocus - https://www.securityfocus.com/bid/:
10424| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
10425| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
10426| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
10427| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
10428| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
10429| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
10430| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
10431| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
10432| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
10433| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
10434| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
10435| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
10436| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
10437| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
10438| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
10439| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
10440| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
10441| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
10442| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
10443| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
10444| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
10445| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
10446| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
10447| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
10448| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
10449| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
10450| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
10451| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
10452| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
10453| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
10454| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
10455| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
10456| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
10457| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
10458| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
10459| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
10460| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
10461| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
10462| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
10463| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
10464| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
10465| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
10466| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
10467| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
10468| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
10469| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
10470| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
10471| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
10472| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
10473| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
10474| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
10475| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
10476| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
10477| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
10478| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
10479| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
10480| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
10481| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
10482| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
10483| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
10484| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
10485| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
10486| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
10487| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
10488| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
10489| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
10490| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
10491| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
10492| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
10493| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
10494| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
10495| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
10496| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
10497| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
10498| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
10499| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
10500| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
10501| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
10502| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
10503| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
10504| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
10505| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
10506| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
10507| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
10508| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
10509| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
10510| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
10511| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
10512| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
10513| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
10514| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
10515| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
10516| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
10517| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
10518| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
10519| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
10520| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
10521| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
10522| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
10523| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
10524| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
10525| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
10526| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
10527| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
10528| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
10529| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
10530| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
10531| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
10532| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
10533| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
10534| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
10535| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
10536| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
10537| [100447] Apache2Triad Multiple Security Vulnerabilities
10538| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
10539| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
10540| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
10541| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
10542| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
10543| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
10544| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
10545| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
10546| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
10547| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
10548| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
10549| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
10550| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
10551| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
10552| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
10553| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
10554| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
10555| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
10556| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
10557| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
10558| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
10559| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
10560| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
10561| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
10562| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
10563| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
10564| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
10565| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
10566| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
10567| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
10568| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
10569| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
10570| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
10571| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
10572| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
10573| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
10574| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
10575| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
10576| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
10577| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
10578| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
10579| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
10580| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
10581| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
10582| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
10583| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
10584| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
10585| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
10586| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
10587| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
10588| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
10589| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
10590| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
10591| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
10592| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
10593| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
10594| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
10595| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
10596| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
10597| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
10598| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
10599| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
10600| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
10601| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
10602| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
10603| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
10604| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
10605| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
10606| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
10607| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
10608| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
10609| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
10610| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
10611| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
10612| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
10613| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
10614| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
10615| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
10616| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
10617| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
10618| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
10619| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
10620| [95675] Apache Struts Remote Code Execution Vulnerability
10621| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
10622| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
10623| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
10624| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
10625| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
10626| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
10627| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
10628| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
10629| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
10630| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
10631| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
10632| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
10633| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
10634| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
10635| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
10636| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
10637| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
10638| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
10639| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
10640| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
10641| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
10642| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
10643| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
10644| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
10645| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
10646| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
10647| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
10648| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
10649| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
10650| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
10651| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
10652| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
10653| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
10654| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
10655| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
10656| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
10657| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
10658| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
10659| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
10660| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
10661| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
10662| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
10663| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
10664| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
10665| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
10666| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
10667| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
10668| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
10669| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
10670| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
10671| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
10672| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
10673| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
10674| [91736] Apache XML-RPC Multiple Security Vulnerabilities
10675| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
10676| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
10677| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
10678| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
10679| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
10680| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
10681| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
10682| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
10683| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
10684| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
10685| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
10686| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
10687| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
10688| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
10689| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
10690| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
10691| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
10692| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
10693| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
10694| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
10695| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
10696| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
10697| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
10698| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
10699| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
10700| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
10701| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
10702| [90482] Apache CVE-2004-1387 Local Security Vulnerability
10703| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
10704| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
10705| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
10706| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
10707| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
10708| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
10709| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
10710| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
10711| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
10712| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
10713| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
10714| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
10715| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
10716| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
10717| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
10718| [86399] Apache CVE-2007-1743 Local Security Vulnerability
10719| [86397] Apache CVE-2007-1742 Local Security Vulnerability
10720| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
10721| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
10722| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
10723| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
10724| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
10725| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
10726| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
10727| [85755] Apache Jetspeed CVE-2016-0711 Multiple HTML Injection Vulnerabilities
10728| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
10729| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
10730| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
10731| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
10732| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
10733| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
10734| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
10735| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
10736| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
10737| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
10738| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
10739| [85203] Apache Solr CVE-2015-8795 Multiple HTML Injection Vulnerabilities
10740| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
10741| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
10742| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
10743| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
10744| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
10745| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
10746| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
10747| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
10748| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
10749| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
10750| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
10751| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
10752| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
10753| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
10754| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
10755| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
10756| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
10757| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
10758| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
10759| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
10760| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
10761| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
10762| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
10763| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
10764| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
10765| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
10766| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
10767| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
10768| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
10769| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
10770| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
10771| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
10772| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
10773| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
10774| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
10775| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
10776| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
10777| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
10778| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
10779| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
10780| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
10781| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
10782| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
10783| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
10784| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
10785| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
10786| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
10787| [76933] Apache James Server Unspecified Command Execution Vulnerability
10788| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
10789| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
10790| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
10791| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
10792| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
10793| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
10794| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
10795| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
10796| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
10797| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
10798| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
10799| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
10800| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
10801| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
10802| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
10803| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
10804| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
10805| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
10806| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
10807| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
10808| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
10809| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
10810| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
10811| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
10812| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
10813| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
10814| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
10815| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
10816| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
10817| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
10818| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
10819| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
10820| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
10821| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
10822| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
10823| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
10824| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
10825| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
10826| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
10827| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
10828| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
10829| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
10830| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
10831| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
10832| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
10833| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
10834| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
10835| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
10836| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
10837| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
10838| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
10839| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
10840| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
10841| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
10842| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
10843| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
10844| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
10845| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
10846| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
10847| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
10848| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
10849| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
10850| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
10851| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
10852| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
10853| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
10854| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
10855| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
10856| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
10857| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
10858| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
10859| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
10860| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
10861| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
10862| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
10863| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
10864| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
10865| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
10866| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
10867| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
10868| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
10869| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
10870| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
10871| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
10872| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
10873| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
10874| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
10875| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
10876| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
10877| [68229] Apache Harmony PRNG Entropy Weakness
10878| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
10879| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
10880| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
10881| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
10882| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
10883| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
10884| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
10885| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
10886| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
10887| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
10888| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
10889| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
10890| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
10891| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
10892| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
10893| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
10894| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
10895| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
10896| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
10897| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
10898| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
10899| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
10900| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
10901| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
10902| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
10903| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
10904| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
10905| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
10906| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
10907| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
10908| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
10909| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
10910| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
10911| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
10912| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
10913| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
10914| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
10915| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
10916| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
10917| [64780] Apache CloudStack Unauthorized Access Vulnerability
10918| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
10919| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
10920| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
10921| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
10922| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
10923| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
10924| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
10925| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
10926| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
10927| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
10928| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
10929| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
10930| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
10931| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
10932| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
10933| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
10934| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
10935| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
10936| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
10937| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
10938| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
10939| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
10940| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
10941| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
10942| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
10943| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
10944| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
10945| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
10946| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
10947| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
10948| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
10949| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
10950| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
10951| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
10952| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
10953| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
10954| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
10955| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
10956| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
10957| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
10958| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
10959| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
10960| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
10961| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
10962| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
10963| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
10964| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
10965| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
10966| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
10967| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
10968| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
10969| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
10970| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
10971| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
10972| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
10973| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
10974| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
10975| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
10976| [59670] Apache VCL Multiple Input Validation Vulnerabilities
10977| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
10978| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
10979| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
10980| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
10981| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
10982| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
10983| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
10984| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
10985| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
10986| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
10987| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
10988| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
10989| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
10990| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
10991| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
10992| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
10993| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
10994| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
10995| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
10996| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
10997| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
10998| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
10999| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
11000| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
11001| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
11002| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
11003| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
11004| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
11005| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
11006| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
11007| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
11008| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
11009| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
11010| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
11011| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
11012| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
11013| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
11014| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
11015| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
11016| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
11017| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
11018| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
11019| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
11020| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
11021| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
11022| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
11023| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
11024| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
11025| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
11026| [54798] Apache Libcloud Man In The Middle Vulnerability
11027| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
11028| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
11029| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
11030| [54189] Apache Roller Cross Site Request Forgery Vulnerability
11031| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
11032| [53880] Apache CXF Child Policies Security Bypass Vulnerability
11033| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
11034| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
11035| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
11036| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
11037| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
11038| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
11039| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
11040| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11041| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
11042| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
11043| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
11044| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
11045| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
11046| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
11047| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
11048| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
11049| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
11050| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
11051| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
11052| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
11053| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
11054| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11055| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
11056| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
11057| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
11058| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
11059| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
11060| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
11061| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
11062| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
11063| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
11064| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
11065| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
11066| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
11067| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
11068| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
11069| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
11070| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
11071| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
11072| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
11073| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
11074| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
11075| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
11076| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
11077| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
11078| [49290] Apache Wicket Cross Site Scripting Vulnerability
11079| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
11080| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
11081| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
11082| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
11083| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
11084| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
11085| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
11086| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
11087| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
11088| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
11089| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
11090| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
11091| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
11092| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
11093| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
11094| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
11095| [46953] Apache MPM-ITK Module Security Weakness
11096| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
11097| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
11098| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
11099| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
11100| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
11101| [46166] Apache Tomcat JVM Denial of Service Vulnerability
11102| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
11103| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
11104| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
11105| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
11106| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
11107| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
11108| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
11109| [44616] Apache Shiro Directory Traversal Vulnerability
11110| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
11111| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
11112| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
11113| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
11114| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
11115| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
11116| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
11117| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
11118| [42492] Apache CXF XML DTD Processing Security Vulnerability
11119| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
11120| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
11121| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
11122| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
11123| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
11124| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
11125| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
11126| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
11127| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
11128| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
11129| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11130| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
11131| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
11132| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
11133| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
11134| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
11135| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
11136| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
11137| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
11138| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
11139| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
11140| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
11141| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
11142| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
11143| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
11144| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
11145| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
11146| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
11147| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
11148| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
11149| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
11150| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
11151| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
11152| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
11153| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
11154| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11155| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
11156| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
11157| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
11158| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
11159| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
11160| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
11161| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
11162| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
11163| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
11164| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
11165| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
11166| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
11167| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
11168| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11169| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
11170| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
11171| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
11172| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
11173| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
11174| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
11175| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
11176| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
11177| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
11178| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
11179| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11180| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
11181| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
11182| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
11183| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
11184| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
11185| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
11186| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
11187| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
11188| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
11189| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11190| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
11191| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
11192| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
11193| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
11194| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
11195| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
11196| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
11197| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
11198| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
11199| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
11200| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
11201| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
11202| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
11203| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
11204| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
11205| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
11206| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
11207| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
11208| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
11209| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
11210| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
11211| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
11212| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
11213| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
11214| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
11215| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
11216| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
11217| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
11218| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
11219| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
11220| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
11221| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
11222| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
11223| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
11224| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
11225| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
11226| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
11227| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
11228| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
11229| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
11230| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
11231| [20527] Apache Mod_TCL Remote Format String Vulnerability
11232| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
11233| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
11234| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
11235| [19106] Apache Tomcat Information Disclosure Vulnerability
11236| [18138] Apache James SMTP Denial Of Service Vulnerability
11237| [17342] Apache Struts Multiple Remote Vulnerabilities
11238| [17095] Apache Log4Net Denial Of Service Vulnerability
11239| [16916] Apache mod_python FileSession Code Execution Vulnerability
11240| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
11241| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
11242| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
11243| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
11244| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
11245| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
11246| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
11247| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
11248| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
11249| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
11250| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
11251| [15177] PHP Apache 2 Local Denial of Service Vulnerability
11252| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
11253| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
11254| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
11255| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
11256| [14106] Apache HTTP Request Smuggling Vulnerability
11257| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
11258| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
11259| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
11260| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
11261| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
11262| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
11263| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
11264| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
11265| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
11266| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
11267| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
11268| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
11269| [11471] Apache mod_include Local Buffer Overflow Vulnerability
11270| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
11271| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
11272| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
11273| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
11274| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
11275| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
11276| [11094] Apache mod_ssl Denial Of Service Vulnerability
11277| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
11278| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
11279| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
11280| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
11281| [10478] ClueCentral Apache Suexec Patch Security Weakness
11282| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
11283| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
11284| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
11285| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
11286| [9921] Apache Connection Blocking Denial Of Service Vulnerability
11287| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
11288| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
11289| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
11290| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
11291| [9733] Apache Cygwin Directory Traversal Vulnerability
11292| [9599] Apache mod_php Global Variables Information Disclosure Weakness
11293| [9590] Apache-SSL Client Certificate Forging Vulnerability
11294| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
11295| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
11296| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
11297| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
11298| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
11299| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
11300| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
11301| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
11302| [8898] Red Hat Apache Directory Index Default Configuration Error
11303| [8883] Apache Cocoon Directory Traversal Vulnerability
11304| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
11305| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
11306| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
11307| [8707] Apache htpasswd Password Entropy Weakness
11308| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
11309| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
11310| [8226] Apache HTTP Server Multiple Vulnerabilities
11311| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
11312| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
11313| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
11314| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
11315| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
11316| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
11317| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
11318| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
11319| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
11320| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
11321| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
11322| [7255] Apache Web Server File Descriptor Leakage Vulnerability
11323| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
11324| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
11325| [6939] Apache Web Server ETag Header Information Disclosure Weakness
11326| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
11327| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
11328| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
11329| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
11330| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
11331| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
11332| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
11333| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
11334| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
11335| [6117] Apache mod_php File Descriptor Leakage Vulnerability
11336| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
11337| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
11338| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
11339| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
11340| [5992] Apache HTDigest Insecure Temporary File Vulnerability
11341| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
11342| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
11343| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
11344| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
11345| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
11346| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
11347| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
11348| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
11349| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
11350| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
11351| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
11352| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
11353| [5485] Apache 2.0 Path Disclosure Vulnerability
11354| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
11355| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
11356| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
11357| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
11358| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
11359| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
11360| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
11361| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
11362| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
11363| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
11364| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
11365| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
11366| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
11367| [4437] Apache Error Message Cross-Site Scripting Vulnerability
11368| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
11369| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
11370| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
11371| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
11372| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
11373| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
11374| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
11375| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
11376| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
11377| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
11378| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
11379| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
11380| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
11381| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
11382| [3596] Apache Split-Logfile File Append Vulnerability
11383| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
11384| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
11385| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
11386| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
11387| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
11388| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
11389| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
11390| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
11391| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
11392| [3169] Apache Server Address Disclosure Vulnerability
11393| [3009] Apache Possible Directory Index Disclosure Vulnerability
11394| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
11395| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
11396| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
11397| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
11398| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
11399| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
11400| [2216] Apache Web Server DoS Vulnerability
11401| [2182] Apache /tmp File Race Vulnerability
11402| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
11403| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
11404| [1821] Apache mod_cookies Buffer Overflow Vulnerability
11405| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
11406| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
11407| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
11408| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
11409| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
11410| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
11411| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
11412| [1457] Apache::ASP source.asp Example Script Vulnerability
11413| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
11414| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
11415#######################################################################################################################################
11416| IBM X-Force - https://exchange.xforce.ibmcloud.com:
11417| [86258] Apache CloudStack text fields cross-site scripting
11418| [85983] Apache Subversion mod_dav_svn module denial of service
11419| [85875] Apache OFBiz UEL code execution
11420| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
11421| [85871] Apache HTTP Server mod_session_dbd unspecified
11422| [85756] Apache Struts OGNL expression command execution
11423| [85755] Apache Struts DefaultActionMapper class open redirect
11424| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
11425| [85574] Apache HTTP Server mod_dav denial of service
11426| [85573] Apache Struts Showcase App OGNL code execution
11427| [85496] Apache CXF denial of service
11428| [85423] Apache Geronimo RMI classloader code execution
11429| [85326] Apache Santuario XML Security for C++ buffer overflow
11430| [85323] Apache Santuario XML Security for Java spoofing
11431| [85319] Apache Qpid Python client SSL spoofing
11432| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
11433| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
11434| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
11435| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
11436| [84952] Apache Tomcat CVE-2012-3544 denial of service
11437| [84763] Apache Struts CVE-2013-2135 security bypass
11438| [84762] Apache Struts CVE-2013-2134 security bypass
11439| [84719] Apache Subversion CVE-2013-2088 command execution
11440| [84718] Apache Subversion CVE-2013-2112 denial of service
11441| [84717] Apache Subversion CVE-2013-1968 denial of service
11442| [84577] Apache Tomcat security bypass
11443| [84576] Apache Tomcat symlink
11444| [84543] Apache Struts CVE-2013-2115 security bypass
11445| [84542] Apache Struts CVE-2013-1966 security bypass
11446| [84154] Apache Tomcat session hijacking
11447| [84144] Apache Tomcat denial of service
11448| [84143] Apache Tomcat information disclosure
11449| [84111] Apache HTTP Server command execution
11450| [84043] Apache Virtual Computing Lab cross-site scripting
11451| [84042] Apache Virtual Computing Lab cross-site scripting
11452| [83782] Apache CloudStack information disclosure
11453| [83781] Apache CloudStack security bypass
11454| [83720] Apache ActiveMQ cross-site scripting
11455| [83719] Apache ActiveMQ denial of service
11456| [83718] Apache ActiveMQ denial of service
11457| [83263] Apache Subversion denial of service
11458| [83262] Apache Subversion denial of service
11459| [83261] Apache Subversion denial of service
11460| [83259] Apache Subversion denial of service
11461| [83035] Apache mod_ruid2 security bypass
11462| [82852] Apache Qpid federation_tag security bypass
11463| [82851] Apache Qpid qpid::framing::Buffer denial of service
11464| [82758] Apache Rave User RPC API information disclosure
11465| [82663] Apache Subversion svn_fs_file_length() denial of service
11466| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
11467| [82641] Apache Qpid AMQP denial of service
11468| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
11469| [82618] Apache Commons FileUpload symlink
11470| [82360] Apache HTTP Server manager interface cross-site scripting
11471| [82359] Apache HTTP Server hostnames cross-site scripting
11472| [82338] Apache Tomcat log/logdir information disclosure
11473| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
11474| [82268] Apache OpenJPA deserialization command execution
11475| [81981] Apache CXF UsernameTokens security bypass
11476| [81980] Apache CXF WS-Security security bypass
11477| [81398] Apache OFBiz cross-site scripting
11478| [81240] Apache CouchDB directory traversal
11479| [81226] Apache CouchDB JSONP code execution
11480| [81225] Apache CouchDB Futon user interface cross-site scripting
11481| [81211] Apache Axis2/C SSL spoofing
11482| [81167] Apache CloudStack DeployVM information disclosure
11483| [81166] Apache CloudStack AddHost API information disclosure
11484| [81165] Apache CloudStack createSSHKeyPair API information disclosure
11485| [80518] Apache Tomcat cross-site request forgery security bypass
11486| [80517] Apache Tomcat FormAuthenticator security bypass
11487| [80516] Apache Tomcat NIO denial of service
11488| [80408] Apache Tomcat replay-countermeasure security bypass
11489| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
11490| [80317] Apache Tomcat slowloris denial of service
11491| [79984] Apache Commons HttpClient SSL spoofing
11492| [79983] Apache CXF SSL spoofing
11493| [79830] Apache Axis2/Java SSL spoofing
11494| [79829] Apache Axis SSL spoofing
11495| [79809] Apache Tomcat DIGEST security bypass
11496| [79806] Apache Tomcat parseHeaders() denial of service
11497| [79540] Apache OFBiz unspecified
11498| [79487] Apache Axis2 SAML security bypass
11499| [79212] Apache Cloudstack code execution
11500| [78734] Apache CXF SOAP Action security bypass
11501| [78730] Apache Qpid broker denial of service
11502| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
11503| [78563] Apache mod_pagespeed module unspecified cross-site scripting
11504| [78562] Apache mod_pagespeed module security bypass
11505| [78454] Apache Axis2 security bypass
11506| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
11507| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
11508| [78321] Apache Wicket unspecified cross-site scripting
11509| [78183] Apache Struts parameters denial of service
11510| [78182] Apache Struts cross-site request forgery
11511| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
11512| [77987] mod_rpaf module for Apache denial of service
11513| [77958] Apache Struts skill name code execution
11514| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
11515| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
11516| [77568] Apache Qpid broker security bypass
11517| [77421] Apache Libcloud spoofing
11518| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
11519| [77046] Oracle Solaris Apache HTTP Server information disclosure
11520| [76837] Apache Hadoop information disclosure
11521| [76802] Apache Sling CopyFrom denial of service
11522| [76692] Apache Hadoop symlink
11523| [76535] Apache Roller console cross-site request forgery
11524| [76534] Apache Roller weblog cross-site scripting
11525| [76152] Apache CXF elements security bypass
11526| [76151] Apache CXF child policies security bypass
11527| [75983] MapServer for Windows Apache file include
11528| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
11529| [75558] Apache POI denial of service
11530| [75545] PHP apache_request_headers() buffer overflow
11531| [75302] Apache Qpid SASL security bypass
11532| [75211] Debian GNU/Linux apache 2 cross-site scripting
11533| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
11534| [74871] Apache OFBiz FlexibleStringExpander code execution
11535| [74870] Apache OFBiz multiple cross-site scripting
11536| [74750] Apache Hadoop unspecified spoofing
11537| [74319] Apache Struts XSLTResult.java file upload
11538| [74313] Apache Traffic Server header buffer overflow
11539| [74276] Apache Wicket directory traversal
11540| [74273] Apache Wicket unspecified cross-site scripting
11541| [74181] Apache HTTP Server mod_fcgid module denial of service
11542| [73690] Apache Struts OGNL code execution
11543| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
11544| [73100] Apache MyFaces in directory traversal
11545| [73096] Apache APR hash denial of service
11546| [73052] Apache Struts name cross-site scripting
11547| [73030] Apache CXF UsernameToken security bypass
11548| [72888] Apache Struts lastName cross-site scripting
11549| [72758] Apache HTTP Server httpOnly information disclosure
11550| [72757] Apache HTTP Server MPM denial of service
11551| [72585] Apache Struts ParameterInterceptor security bypass
11552| [72438] Apache Tomcat Digest security bypass
11553| [72437] Apache Tomcat Digest security bypass
11554| [72436] Apache Tomcat DIGEST security bypass
11555| [72425] Apache Tomcat parameter denial of service
11556| [72422] Apache Tomcat request object information disclosure
11557| [72377] Apache HTTP Server scoreboard security bypass
11558| [72345] Apache HTTP Server HTTP request denial of service
11559| [72229] Apache Struts ExceptionDelegator command execution
11560| [72089] Apache Struts ParameterInterceptor directory traversal
11561| [72088] Apache Struts CookieInterceptor command execution
11562| [72047] Apache Geronimo hash denial of service
11563| [72016] Apache Tomcat hash denial of service
11564| [71711] Apache Struts OGNL expression code execution
11565| [71654] Apache Struts interfaces security bypass
11566| [71620] Apache ActiveMQ failover denial of service
11567| [71617] Apache HTTP Server mod_proxy module information disclosure
11568| [71508] Apache MyFaces EL security bypass
11569| [71445] Apache HTTP Server mod_proxy security bypass
11570| [71203] Apache Tomcat servlets privilege escalation
11571| [71181] Apache HTTP Server ap_pregsub() denial of service
11572| [71093] Apache HTTP Server ap_pregsub() buffer overflow
11573| [70336] Apache HTTP Server mod_proxy information disclosure
11574| [69804] Apache HTTP Server mod_proxy_ajp denial of service
11575| [69472] Apache Tomcat AJP security bypass
11576| [69396] Apache HTTP Server ByteRange filter denial of service
11577| [69394] Apache Wicket multi window support cross-site scripting
11578| [69176] Apache Tomcat XML information disclosure
11579| [69161] Apache Tomcat jsvc information disclosure
11580| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
11581| [68541] Apache Tomcat sendfile information disclosure
11582| [68420] Apache XML Security denial of service
11583| [68238] Apache Tomcat JMX information disclosure
11584| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
11585| [67804] Apache Subversion control rules information disclosure
11586| [67803] Apache Subversion control rules denial of service
11587| [67802] Apache Subversion baselined denial of service
11588| [67672] Apache Archiva multiple cross-site scripting
11589| [67671] Apache Archiva multiple cross-site request forgery
11590| [67564] Apache APR apr_fnmatch() denial of service
11591| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
11592| [67515] Apache Tomcat annotations security bypass
11593| [67480] Apache Struts s:submit information disclosure
11594| [67414] Apache APR apr_fnmatch() denial of service
11595| [67356] Apache Struts javatemplates cross-site scripting
11596| [67354] Apache Struts Xwork cross-site scripting
11597| [66676] Apache Tomcat HTTP BIO information disclosure
11598| [66675] Apache Tomcat web.xml security bypass
11599| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
11600| [66241] Apache HttpComponents information disclosure
11601| [66154] Apache Tomcat ServletSecurity security bypass
11602| [65971] Apache Tomcat ServletSecurity security bypass
11603| [65876] Apache Subversion mod_dav_svn denial of service
11604| [65343] Apache Continuum unspecified cross-site scripting
11605| [65162] Apache Tomcat NIO connector denial of service
11606| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
11607| [65160] Apache Tomcat HTML Manager interface cross-site scripting
11608| [65159] Apache Tomcat ServletContect security bypass
11609| [65050] Apache CouchDB web-based administration UI cross-site scripting
11610| [64773] Oracle HTTP Server Apache Plugin unauthorized access
11611| [64473] Apache Subversion blame -g denial of service
11612| [64472] Apache Subversion walk() denial of service
11613| [64407] Apache Axis2 CVE-2010-0219 code execution
11614| [63926] Apache Archiva password privilege escalation
11615| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
11616| [63493] Apache Archiva credentials cross-site request forgery
11617| [63477] Apache Tomcat HttpOnly session hijacking
11618| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
11619| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
11620| [62959] Apache Shiro filters security bypass
11621| [62790] Apache Perl cgi module denial of service
11622| [62576] Apache Qpid exchange denial of service
11623| [62575] Apache Qpid AMQP denial of service
11624| [62354] Apache Qpid SSL denial of service
11625| [62235] Apache APR-util apr_brigade_split_line() denial of service
11626| [62181] Apache XML-RPC SAX Parser information disclosure
11627| [61721] Apache Traffic Server cache poisoning
11628| [61202] Apache Derby BUILTIN authentication functionality information disclosure
11629| [61186] Apache CouchDB Futon cross-site request forgery
11630| [61169] Apache CXF DTD denial of service
11631| [61070] Apache Jackrabbit search.jsp SQL injection
11632| [61006] Apache SLMS Quoting cross-site request forgery
11633| [60962] Apache Tomcat time cross-site scripting
11634| [60883] Apache mod_proxy_http information disclosure
11635| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
11636| [60264] Apache Tomcat Transfer-Encoding denial of service
11637| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
11638| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
11639| [59413] Apache mod_proxy_http timeout information disclosure
11640| [59058] Apache MyFaces unencrypted view state cross-site scripting
11641| [58827] Apache Axis2 xsd file include
11642| [58790] Apache Axis2 modules cross-site scripting
11643| [58299] Apache ActiveMQ queueBrowse cross-site scripting
11644| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
11645| [58056] Apache ActiveMQ .jsp source code disclosure
11646| [58055] Apache Tomcat realm name information disclosure
11647| [58046] Apache HTTP Server mod_auth_shadow security bypass
11648| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
11649| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
11650| [57429] Apache CouchDB algorithms information disclosure
11651| [57398] Apache ActiveMQ Web console cross-site request forgery
11652| [57397] Apache ActiveMQ createDestination.action cross-site scripting
11653| [56653] Apache HTTP Server DNS spoofing
11654| [56652] Apache HTTP Server DNS cross-site scripting
11655| [56625] Apache HTTP Server request header information disclosure
11656| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
11657| [56623] Apache HTTP Server mod_proxy_ajp denial of service
11658| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
11659| [55857] Apache Tomcat WAR files directory traversal
11660| [55856] Apache Tomcat autoDeploy attribute security bypass
11661| [55855] Apache Tomcat WAR directory traversal
11662| [55210] Intuit component for Joomla! Apache information disclosure
11663| [54533] Apache Tomcat 404 error page cross-site scripting
11664| [54182] Apache Tomcat admin default password
11665| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
11666| [53666] Apache HTTP Server Solaris pollset support denial of service
11667| [53650] Apache HTTP Server HTTP basic-auth module security bypass
11668| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
11669| [53041] mod_proxy_ftp module for Apache denial of service
11670| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
11671| [51953] Apache Tomcat Path Disclosure
11672| [51952] Apache Tomcat Path Traversal
11673| [51951] Apache stronghold-status Information Disclosure
11674| [51950] Apache stronghold-info Information Disclosure
11675| [51949] Apache PHP Source Code Disclosure
11676| [51948] Apache Multiviews Attack
11677| [51946] Apache JServ Environment Status Information Disclosure
11678| [51945] Apache error_log Information Disclosure
11679| [51944] Apache Default Installation Page Pattern Found
11680| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
11681| [51942] Apache AXIS XML External Entity File Retrieval
11682| [51941] Apache AXIS Sample Servlet Information Leak
11683| [51940] Apache access_log Information Disclosure
11684| [51626] Apache mod_deflate denial of service
11685| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
11686| [51365] Apache Tomcat RequestDispatcher security bypass
11687| [51273] Apache HTTP Server Incomplete Request denial of service
11688| [51195] Apache Tomcat XML information disclosure
11689| [50994] Apache APR-util xml/apr_xml.c denial of service
11690| [50993] Apache APR-util apr_brigade_vprintf denial of service
11691| [50964] Apache APR-util apr_strmatch_precompile() denial of service
11692| [50930] Apache Tomcat j_security_check information disclosure
11693| [50928] Apache Tomcat AJP denial of service
11694| [50884] Apache HTTP Server XML ENTITY denial of service
11695| [50808] Apache HTTP Server AllowOverride privilege escalation
11696| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
11697| [50059] Apache mod_proxy_ajp information disclosure
11698| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
11699| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
11700| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
11701| [49921] Apache ActiveMQ Web interface cross-site scripting
11702| [49898] Apache Geronimo Services/Repository directory traversal
11703| [49725] Apache Tomcat mod_jk module information disclosure
11704| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
11705| [49712] Apache Struts unspecified cross-site scripting
11706| [49213] Apache Tomcat cal2.jsp cross-site scripting
11707| [48934] Apache Tomcat POST doRead method information disclosure
11708| [48211] Apache Tomcat header HTTP request smuggling
11709| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
11710| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
11711| [47709] Apache Roller "
11712| [47104] Novell Netware ApacheAdmin console security bypass
11713| [47086] Apache HTTP Server OS fingerprinting unspecified
11714| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
11715| [45791] Apache Tomcat RemoteFilterValve security bypass
11716| [44435] Oracle WebLogic Apache Connector buffer overflow
11717| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
11718| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
11719| [44156] Apache Tomcat RequestDispatcher directory traversal
11720| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
11721| [43885] Oracle WebLogic Server Apache Connector buffer overflow
11722| [42987] Apache HTTP Server mod_proxy module denial of service
11723| [42915] Apache Tomcat JSP files path disclosure
11724| [42914] Apache Tomcat MS-DOS path disclosure
11725| [42892] Apache Tomcat unspecified unauthorized access
11726| [42816] Apache Tomcat Host Manager cross-site scripting
11727| [42303] Apache 403 error cross-site scripting
11728| [41618] Apache-SSL ExpandCert() authentication bypass
11729| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
11730| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
11731| [40614] Apache mod_jk2 HTTP Host header buffer overflow
11732| [40562] Apache Geronimo init information disclosure
11733| [40478] Novell Web Manager webadmin-apache.conf security bypass
11734| [40411] Apache Tomcat exception handling information disclosure
11735| [40409] Apache Tomcat native (APR based) connector weak security
11736| [40403] Apache Tomcat quotes and %5C cookie information disclosure
11737| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
11738| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
11739| [39867] Apache HTTP Server mod_negotiation cross-site scripting
11740| [39804] Apache Tomcat SingleSignOn information disclosure
11741| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
11742| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
11743| [39608] Apache HTTP Server balancer manager cross-site request forgery
11744| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
11745| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
11746| [39472] Apache HTTP Server mod_status cross-site scripting
11747| [39201] Apache Tomcat JULI logging weak security
11748| [39158] Apache HTTP Server Windows SMB shares information disclosure
11749| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
11750| [38951] Apache::AuthCAS Perl module cookie SQL injection
11751| [38800] Apache HTTP Server 413 error page cross-site scripting
11752| [38211] Apache Geronimo SQLLoginModule authentication bypass
11753| [37243] Apache Tomcat WebDAV directory traversal
11754| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
11755| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
11756| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
11757| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
11758| [36782] Apache Geronimo MEJB unauthorized access
11759| [36586] Apache HTTP Server UTF-7 cross-site scripting
11760| [36468] Apache Geronimo LoginModule security bypass
11761| [36467] Apache Tomcat functions.jsp cross-site scripting
11762| [36402] Apache Tomcat calendar cross-site request forgery
11763| [36354] Apache HTTP Server mod_proxy module denial of service
11764| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
11765| [36336] Apache Derby lock table privilege escalation
11766| [36335] Apache Derby schema privilege escalation
11767| [36006] Apache Tomcat "
11768| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
11769| [35999] Apache Tomcat \"
11770| [35795] Apache Tomcat CookieExample cross-site scripting
11771| [35536] Apache Tomcat SendMailServlet example cross-site scripting
11772| [35384] Apache HTTP Server mod_cache module denial of service
11773| [35097] Apache HTTP Server mod_status module cross-site scripting
11774| [35095] Apache HTTP Server Prefork MPM module denial of service
11775| [34984] Apache HTTP Server recall_headers information disclosure
11776| [34966] Apache HTTP Server MPM content spoofing
11777| [34965] Apache HTTP Server MPM information disclosure
11778| [34963] Apache HTTP Server MPM multiple denial of service
11779| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
11780| [34869] Apache Tomcat JSP example Web application cross-site scripting
11781| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
11782| [34496] Apache Tomcat JK Connector security bypass
11783| [34377] Apache Tomcat hello.jsp cross-site scripting
11784| [34212] Apache Tomcat SSL configuration security bypass
11785| [34210] Apache Tomcat Accept-Language cross-site scripting
11786| [34209] Apache Tomcat calendar application cross-site scripting
11787| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
11788| [34167] Apache Axis WSDL file path disclosure
11789| [34068] Apache Tomcat AJP connector information disclosure
11790| [33584] Apache HTTP Server suEXEC privilege escalation
11791| [32988] Apache Tomcat proxy module directory traversal
11792| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
11793| [32708] Debian Apache tty privilege escalation
11794| [32441] ApacheStats extract() PHP call unspecified
11795| [32128] Apache Tomcat default account
11796| [31680] Apache Tomcat RequestParamExample cross-site scripting
11797| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
11798| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
11799| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
11800| [30456] Apache mod_auth_kerb off-by-one buffer overflow
11801| [29550] Apache mod_tcl set_var() format string
11802| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
11803| [28357] Apache HTTP Server mod_alias script source information disclosure
11804| [28063] Apache mod_rewrite off-by-one buffer overflow
11805| [27902] Apache Tomcat URL information disclosure
11806| [26786] Apache James SMTP server denial of service
11807| [25680] libapache2 /tmp/svn file upload
11808| [25614] Apache Struts lookupMap cross-site scripting
11809| [25613] Apache Struts ActionForm denial of service
11810| [25612] Apache Struts isCancelled() security bypass
11811| [24965] Apache mod_python FileSession command execution
11812| [24716] Apache James spooler memory leak denial of service
11813| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
11814| [24158] Apache Geronimo jsp-examples cross-site scripting
11815| [24030] Apache auth_ldap module multiple format strings
11816| [24008] Apache mod_ssl custom error message denial of service
11817| [24003] Apache mod_auth_pgsql module multiple syslog format strings
11818| [23612] Apache mod_imap referer field cross-site scripting
11819| [23173] Apache Struts error message cross-site scripting
11820| [22942] Apache Tomcat directory listing denial of service
11821| [22858] Apache Multi-Processing Module code allows denial of service
11822| [22602] RHSA-2005:582 updates for Apache httpd not installed
11823| [22520] Apache mod-auth-shadow "
11824| [22466] ApacheTop symlink
11825| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
11826| [22006] Apache HTTP Server byte-range filter denial of service
11827| [21567] Apache mod_ssl off-by-one buffer overflow
11828| [21195] Apache HTTP Server header HTTP request smuggling
11829| [20383] Apache HTTP Server htdigest buffer overflow
11830| [19681] Apache Tomcat AJP12 request denial of service
11831| [18993] Apache HTTP server check_forensic symlink attack
11832| [18790] Apache Tomcat Manager cross-site scripting
11833| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
11834| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
11835| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
11836| [17961] Apache Web server ServerTokens has not been set
11837| [17930] Apache HTTP Server HTTP GET request denial of service
11838| [17785] Apache mod_include module buffer overflow
11839| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
11840| [17473] Apache HTTP Server Satisfy directive allows access to resources
11841| [17413] Apache htpasswd buffer overflow
11842| [17384] Apache HTTP Server environment variable configuration file buffer overflow
11843| [17382] Apache HTTP Server IPv6 apr_util denial of service
11844| [17366] Apache HTTP Server mod_dav module LOCK denial of service
11845| [17273] Apache HTTP Server speculative mode denial of service
11846| [17200] Apache HTTP Server mod_ssl denial of service
11847| [16890] Apache HTTP Server server-info request has been detected
11848| [16889] Apache HTTP Server server-status request has been detected
11849| [16705] Apache mod_ssl format string attack
11850| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
11851| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
11852| [16230] Apache HTTP Server PHP denial of service
11853| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
11854| [15958] Apache HTTP Server authentication modules memory corruption
11855| [15547] Apache HTTP Server mod_disk_cache local information disclosure
11856| [15540] Apache HTTP Server socket starvation denial of service
11857| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
11858| [15422] Apache HTTP Server mod_access information disclosure
11859| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
11860| [15293] Apache for Cygwin "
11861| [15065] Apache-SSL has a default password
11862| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
11863| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
11864| [14751] Apache Mod_python output filter information disclosure
11865| [14125] Apache HTTP Server mod_userdir module information disclosure
11866| [14075] Apache HTTP Server mod_php file descriptor leak
11867| [13703] Apache HTTP Server account
11868| [13689] Apache HTTP Server configuration allows symlinks
11869| [13688] Apache HTTP Server configuration allows SSI
11870| [13687] Apache HTTP Server Server: header value
11871| [13685] Apache HTTP Server ServerTokens value
11872| [13684] Apache HTTP Server ServerSignature value
11873| [13672] Apache HTTP Server config allows directory autoindexing
11874| [13671] Apache HTTP Server default content
11875| [13670] Apache HTTP Server config file directive references outside content root
11876| [13668] Apache HTTP Server httpd not running in chroot environment
11877| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
11878| [13664] Apache HTTP Server config file contains ScriptAlias entry
11879| [13663] Apache HTTP Server CGI support modules loaded
11880| [13661] Apache HTTP Server config file contains AddHandler entry
11881| [13660] Apache HTTP Server 500 error page not CGI script
11882| [13659] Apache HTTP Server 413 error page not CGI script
11883| [13658] Apache HTTP Server 403 error page not CGI script
11884| [13657] Apache HTTP Server 401 error page not CGI script
11885| [13552] Apache HTTP Server mod_cgid module information disclosure
11886| [13550] Apache GET request directory traversal
11887| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
11888| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
11889| [13429] Apache Tomcat non-HTTP request denial of service
11890| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
11891| [13295] Apache weak password encryption
11892| [13254] Apache Tomcat .jsp cross-site scripting
11893| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
11894| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
11895| [12681] Apache HTTP Server mod_proxy could allow mail relaying
11896| [12662] Apache HTTP Server rotatelogs denial of service
11897| [12554] Apache Tomcat stores password in plain text
11898| [12553] Apache HTTP Server redirects and subrequests denial of service
11899| [12552] Apache HTTP Server FTP proxy server denial of service
11900| [12551] Apache HTTP Server prefork MPM denial of service
11901| [12550] Apache HTTP Server weaker than expected encryption
11902| [12549] Apache HTTP Server type-map file denial of service
11903| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
11904| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
11905| [12091] Apache HTTP Server apr_password_validate denial of service
11906| [12090] Apache HTTP Server apr_psprintf code execution
11907| [11804] Apache HTTP Server mod_access_referer denial of service
11908| [11750] Apache HTTP Server could leak sensitive file descriptors
11909| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
11910| [11703] Apache long slash path allows directory listing
11911| [11695] Apache HTTP Server LF (Line Feed) denial of service
11912| [11694] Apache HTTP Server filestat.c denial of service
11913| [11438] Apache HTTP Server MIME message boundaries information disclosure
11914| [11412] Apache HTTP Server error log terminal escape sequence injection
11915| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
11916| [11195] Apache Tomcat web.xml could be used to read files
11917| [11194] Apache Tomcat URL appended with a null character could list directories
11918| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
11919| [11126] Apache HTTP Server illegal character file disclosure
11920| [11125] Apache HTTP Server DOS device name HTTP POST code execution
11921| [11124] Apache HTTP Server DOS device name denial of service
11922| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
11923| [10938] Apache HTTP Server printenv test CGI cross-site scripting
11924| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
11925| [10575] Apache mod_php module could allow an attacker to take over the httpd process
11926| [10499] Apache HTTP Server WebDAV HTTP POST view source
11927| [10457] Apache HTTP Server mod_ssl "
11928| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
11929| [10414] Apache HTTP Server htdigest multiple buffer overflows
11930| [10413] Apache HTTP Server htdigest temporary file race condition
11931| [10412] Apache HTTP Server htpasswd temporary file race condition
11932| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
11933| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
11934| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
11935| [10280] Apache HTTP Server shared memory scorecard overwrite
11936| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
11937| [10241] Apache HTTP Server Host: header cross-site scripting
11938| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
11939| [10208] Apache HTTP Server mod_dav denial of service
11940| [10206] HP VVOS Apache mod_ssl denial of service
11941| [10200] Apache HTTP Server stderr denial of service
11942| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
11943| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
11944| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
11945| [10098] Slapper worm targets OpenSSL/Apache systems
11946| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
11947| [9875] Apache HTTP Server .var file request could disclose installation path
11948| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
11949| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
11950| [9623] Apache HTTP Server ap_log_rerror() path disclosure
11951| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
11952| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
11953| [9396] Apache Tomcat null character to threads denial of service
11954| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
11955| [9249] Apache HTTP Server chunked encoding heap buffer overflow
11956| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
11957| [8932] Apache Tomcat example class information disclosure
11958| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
11959| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
11960| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
11961| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
11962| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
11963| [8400] Apache HTTP Server mod_frontpage buffer overflows
11964| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
11965| [8308] Apache "
11966| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
11967| [8119] Apache and PHP OPTIONS request reveals "
11968| [8054] Apache is running on the system
11969| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
11970| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
11971| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
11972| [7836] Apache HTTP Server log directory denial of service
11973| [7815] Apache for Windows "
11974| [7810] Apache HTTP request could result in unexpected behavior
11975| [7599] Apache Tomcat reveals installation path
11976| [7494] Apache "
11977| [7419] Apache Web Server could allow remote attackers to overwrite .log files
11978| [7363] Apache Web Server hidden HTTP requests
11979| [7249] Apache mod_proxy denial of service
11980| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
11981| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
11982| [7059] Apache "
11983| [7057] Apache "
11984| [7056] Apache "
11985| [7055] Apache "
11986| [7054] Apache "
11987| [6997] Apache Jakarta Tomcat error message may reveal information
11988| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
11989| [6970] Apache crafted HTTP request could reveal the internal IP address
11990| [6921] Apache long slash path allows directory listing
11991| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
11992| [6527] Apache Web Server for Windows and OS2 denial of service
11993| [6316] Apache Jakarta Tomcat may reveal JSP source code
11994| [6305] Apache Jakarta Tomcat directory traversal
11995| [5926] Linux Apache symbolic link
11996| [5659] Apache Web server discloses files when used with php script
11997| [5310] Apache mod_rewrite allows attacker to view arbitrary files
11998| [5204] Apache WebDAV directory listings
11999| [5197] Apache Web server reveals CGI script source code
12000| [5160] Apache Jakarta Tomcat default installation
12001| [5099] Trustix Secure Linux installs Apache with world writable access
12002| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
12003| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
12004| [4931] Apache source.asp example file allows users to write to files
12005| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
12006| [4205] Apache Jakarta Tomcat delivers file contents
12007| [2084] Apache on Debian by default serves the /usr/doc directory
12008| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
12009| [697] Apache HTTP server beck exploit
12010| [331] Apache cookies buffer overflow
12011| Exploit-DB - https://www.exploit-db.com:
12012#######################################################################################################################################
12013| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
12014| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
12015| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
12016| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
12017| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
12018| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
12019| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
12020| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
12021| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
12022| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
12023| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
12024| [29859] Apache Roller OGNL Injection
12025| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
12026| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
12027| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
12028| [29290] Apache / PHP 5.x Remote Code Execution Exploit
12029| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
12030| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
12031| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
12032| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
12033| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
12034| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
12035| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
12036| [27096] Apache Geronimo 1.0 Error Page XSS
12037| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
12038| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
#######################################################################################################################################
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
#######################################################################################################################################
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
12549| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
12550| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
12551| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
12552| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
12553| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
12554| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
12555| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
12556| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
12557| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
12558| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
12559| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
12560| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
12561| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
12562| [1024096] Apache mod_proxy_http May Return Results for a Different Request
12563| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
12564| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
12565| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
12566| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
12567| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
12568| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
12569| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
12570| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
12571| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
12572| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
12573| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
12574| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
12575| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
12576| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
12577| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
12578| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
12579| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
12580| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
12581| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
12582| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
12583| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
12584| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
12585| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
12586| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
12587| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
12588| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
12589| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
12590| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
12591| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
12592| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
12593| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
12594| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
12595| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
12596| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
12597| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
12598| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
12599| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
12600| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
12601| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
12602| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
12603| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
12604| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
12605| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
12606| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
12607| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
12608| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
12609| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
12610| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
12611| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
12612| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
12613| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
12614| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
12615| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
12616| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
12617| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
12618| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
12619| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
12620| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
12621| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
12622| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
12623| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
12624| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
12625| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
12626| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
12627| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
12628| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
12629| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
12630| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
12631| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
12632| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
12633| [1008920] Apache mod_digest May Validate Replayed Client Responses
12634| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
12635| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
12636| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
12637| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
12638| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
12639| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
12640| [1008030] Apache mod_rewrite Contains a Buffer Overflow
12641| [1008029] Apache mod_alias Contains a Buffer Overflow
12642| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
12643| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
12644| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
12645| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
12646| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
12647| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
12648| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
12649| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
12650| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
12651| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
12652| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
12653| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
12654| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
12655| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
12656| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
12657| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
12658| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
12659| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
12660| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
12661| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
12662| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
12663| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
12664| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
12665| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
12666| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
12667| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
12668| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
12669| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
12670| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
12671| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
12672| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
12673| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
12674| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
12675| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
12676| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
12677| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
12678| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
12679| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
12680| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
12681| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
12682| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
12683| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
12684| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
12685| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
12686| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
12687| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
12688| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
12689| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
12690| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
12691| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
12692| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
12693| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
12694| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
12695| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
12696| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
12697| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
12698|
12699| OSVDB - http://www.osvdb.org:
12700| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
12701| [96077] Apache CloudStack Global Settings Multiple Field XSS
12702| [96076] Apache CloudStack Instances Menu Display Name Field XSS
12703| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
12704| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
12705| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
12706| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
12707| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
12708| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
12709| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
12710| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
12711| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
12712| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
12713| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
12714| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
12715| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
12716| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
12717| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
12718| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
12719| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
12720| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
12721| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
12722| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
12723| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
12724| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
12725| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
12726| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
12727| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
12728| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
12729| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
12730| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
12731| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
12732| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
12733| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
12734| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
12735| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
12736| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
12737| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
12738| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
12739| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
12740| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
12741| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
12742| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
12743| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
12744| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
12745| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
12746| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
12747| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
12748| [94279] Apache Qpid CA Certificate Validation Bypass
12749| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
12750| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
12751| [94042] Apache Axis JAX-WS Java Unspecified Exposure
12752| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
12753| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
12754| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
12755| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
12756| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
12757| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
12758| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
12759| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
12760| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
12761| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
12762| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
12763| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
12764| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
12765| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
12766| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
12767| [93541] Apache Solr json.wrf Callback XSS
12768| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
12769| [93521] Apache jUDDI Security API Token Session Persistence Weakness
12770| [93520] Apache CloudStack Default SSL Key Weakness
12771| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
12772| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
12773| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
12774| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
12775| [93515] Apache HBase table.jsp name Parameter XSS
12776| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
12777| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
12778| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
12779| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
12780| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
12781| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
12782| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
12783| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
12784| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
12785| [93252] Apache Tomcat FORM Authenticator Session Fixation
12786| [93172] Apache Camel camel/endpoints/ Endpoint XSS
12787| [93171] Apache Sling HtmlResponse Error Message XSS
12788| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
12789| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
12790| [93168] Apache Click ErrorReport.java id Parameter XSS
12791| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
12792| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
12793| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
12794| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
12795| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
12796| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
12797| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
12798| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
12799| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
12800| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
12801| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
12802| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
12803| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
12804| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
12805| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
12806| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
12807| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
12808| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
12809| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
12810| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
12811| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
12812| [93144] Apache Solr Admin Command Execution CSRF
12813| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
12814| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
12815| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
12816| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
12817| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
12818| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
12819| [92748] Apache CloudStack VM Console Access Restriction Bypass
12820| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
12821| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
12822| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
12823| [92706] Apache ActiveMQ Debug Log Rendering XSS
12824| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
12825| [92270] Apache Tomcat Unspecified CSRF
12826| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
12827| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
12828| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
13235| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
13236| [58687] Apache Axis Invalid wsdl Request XSS
13237| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
13238| [58685] Apache Velocity Template Designer Privileged Code Execution
13239| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
13240| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
13241| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
13242| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
13243| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
13244| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
13245| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
13246| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
13247| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
13248| [58667] Apache Roller Database Cleartext Passwords Disclosure
13249| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
13250| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
13251| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
13252| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
13253| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
13254| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
13255| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
13256| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
13257| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
13258| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
13259| [56984] Apache Xerces2 Java Malformed XML Input DoS
13260| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
13261| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
13262| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
13263| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
13264| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
13265| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
13266| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
13267| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
13268| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
13269| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
13270| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
13271| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
13272| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
13273| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
13274| [55056] Apache Tomcat Cross-application TLD File Manipulation
13275| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
13276| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
13277| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
13278| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
13279| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
13280| [54589] Apache Jserv Nonexistent JSP Request XSS
13281| [54122] Apache Struts s:a / s:url Tag href Element XSS
13282| [54093] Apache ActiveMQ Web Console JMS Message XSS
13283| [53932] Apache Geronimo Multiple Admin Function CSRF
13284| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
13285| [53930] Apache Geronimo /console/portal/ URI XSS
13286| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
13287| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
13288| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
13289| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
13290| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
13291| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
13292| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
13293| [53380] Apache Struts Unspecified XSS
13294| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
13295| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
13296| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
13297| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
13298| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
13299| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
13300| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
13301| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
13302| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
13303| [51151] Apache Roller Search Function q Parameter XSS
13304| [50482] PHP with Apache php_value Order Unspecified Issue
13305| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
13306| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
13307| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
13308| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
13309| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
13310| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
13311| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
13312| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
13313| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
13314| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
13315| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
13316| [47096] Oracle Weblogic Apache Connector POST Request Overflow
13317| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
13318| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
13319| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
13320| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
13321| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
13322| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
13323| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
13324| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
13325| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
13326| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
13327| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
13328| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
13329| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
13330| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
13331| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
13332| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
13333| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
13334| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
13335| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
13336| [43452] Apache Tomcat HTTP Request Smuggling
13337| [43309] Apache Geronimo LoginModule Login Method Bypass
13338| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
13339| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
13340| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
13341| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
13342| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
13343| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
13344| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
13345| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
13346| [42091] Apache Maven Site Plugin Installation Permission Weakness
13347| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
13348| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
13349| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
13350| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
13351| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
13352| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
13353| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
13354| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
13355| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
13356| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
13357| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
13358| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
13359| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
13360| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
13361| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
13362| [40262] Apache HTTP Server mod_status refresh XSS
13363| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
13364| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
13365| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
13366| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
13367| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
13368| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
13369| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
13370| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
13371| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
13372| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
13373| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
13374| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
13375| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
13376| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
13377| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
13378| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
13379| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
13380| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
13381| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
13382| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
13383| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
13384| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
13385| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
13386| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
13387| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
13388| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
13389| [36080] Apache Tomcat JSP Examples Crafted URI XSS
13390| [36079] Apache Tomcat Manager Uploaded Filename XSS
13391| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
13392| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
13393| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
13394| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
13395| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
13396| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
13397| [34881] Apache Tomcat Malformed Accept-Language Header XSS
13398| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
13399| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
13400| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
13401| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
13402| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
13403| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
13404| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
13405| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
13406| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
13407| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
13408| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
13409| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
13410| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
13411| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
13412| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
13413| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
13414| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
13415| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
13416| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
13417| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
13418| [32724] Apache mod_python _filter_read Freed Memory Disclosure
13419| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
13420| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
13421| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
13422| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
13423| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
13424| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
13425| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
13426| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
13427| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
13428| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
13429| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
13430| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
13431| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
13432| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
13433| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
13434| [24365] Apache Struts Multiple Function Error Message XSS
13435| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
13436| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
13437| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
13438| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
13439| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
13440| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
13441| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
13442| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
13443| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
13444| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
13445| [22459] Apache Geronimo Error Page XSS
13446| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
13447| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
13448| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
13449| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
13450| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
13451| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
13452| [21021] Apache Struts Error Message XSS
13453| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
13454| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
13455| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
13456| [20439] Apache Tomcat Directory Listing Saturation DoS
13457| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
13458| [20285] Apache HTTP Server Log File Control Character Injection
13459| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
13460| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
13461| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
13462| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
13463| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
13464| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
13465| [19821] Apache Tomcat Malformed Post Request Information Disclosure
13466| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
13467| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
13468| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
13469| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
13470| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
13471| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
13472| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
13473| [18233] Apache HTTP Server htdigest user Variable Overfow
13474| [17738] Apache HTTP Server HTTP Request Smuggling
13475| [16586] Apache HTTP Server Win32 GET Overflow DoS
13476| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
13477| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
13478| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
13479| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
13480| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
13481| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
13482| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
13483| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
13484| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
13485| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
13486| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
13487| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
13488| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
13489| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
13490| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
13491| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
13492| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
13493| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
13494| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
13495| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
13496| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
13497| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
13498| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
13499| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
13500| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
13501| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
13502| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
13503| [13304] Apache Tomcat realPath.jsp Path Disclosure
13504| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
13505| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
13506| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
13507| [12848] Apache HTTP Server htdigest realm Variable Overflow
13508| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
13509| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
13510| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
13511| [12557] Apache HTTP Server prefork MPM accept Error DoS
13512| [12233] Apache Tomcat MS-DOS Device Name Request DoS
13513| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
13514| [12231] Apache Tomcat web.xml Arbitrary File Access
13515| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
13516| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
13517| [12178] Apache Jakarta Lucene results.jsp XSS
13518| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
13519| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
13520| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
13521| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
13522| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
13523| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
13524| [10471] Apache Xerces-C++ XML Parser DoS
13525| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
13526| [10068] Apache HTTP Server htpasswd Local Overflow
13527| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
13528| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
13529| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
13530| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
13531| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
13532| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
13533| [9717] Apache HTTP Server mod_cookies Cookie Overflow
13534| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
13535| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
13536| [9714] Apache Authentication Module Threaded MPM DoS
13537| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
13538| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
13539| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
13540| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
13541| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
13542| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
13543| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
13544| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
13545| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
13546| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
13547| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
13548| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
13549| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
13550| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
13551| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
13552| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
13553| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
13554| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
13555| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
13556| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
13557| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
13558| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
13559| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
13560| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
13561| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
13562| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
13563| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
13564| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
13565| [9208] Apache Tomcat .jsp Encoded Newline XSS
13566| [9204] Apache Tomcat ROOT Application XSS
13567| [9203] Apache Tomcat examples Application XSS
13568| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
13569| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
13570| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
13571| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
13572| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
13573| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
13574| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
13575| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
445/tcp closed microsoft-ds conn-refused
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
Uptime guess: 0.004 days (since Sat Jul 6 14:25:47 2019)
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 170.82 ms 10.252.200.1
2 172.21 ms 213.184.122.97
3 171.02 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 171.48 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 232.15 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6 171.62 ms bzq-219-189-2.cablep.bezeqint.net (62.219.189.2)
7 237.12 ms bzq-179-124-78.cust.bezeqint.net (212.179.124.78)
8 240.77 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
9 305.92 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
10 362.56 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
11 477.25 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
12 ...
13 487.43 ms 245.143090232.odn.ne.jp (143.90.232.245)
14 488.97 ms STOrc-01Te0-0-0-5.nw.odn.ad.jp (143.90.47.17)
15 490.32 ms 143.90.161.54
16 474.06 ms 62.210252175.odn.ne.jp (210.252.175.62)
17 475.02 ms IKB-CORE-GR62-TG52.mex.ad.jp (210.155.142.126)
18 479.02 ms 210.155.132.27
19 484.28 ms IKB-CSTM-JEX15-XE-0-0-0.mex.ad.jp (210.155.137.179)
20 472.57 ms 210.155.133.232
21 ... 30

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:32
Completed NSE at 14:32, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:32
Completed NSE at 14:32, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 606.77 seconds
 Raw packets sent: 130 (9.808KB) | Rcvd: 159 (29.845KB)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-06 14:32 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:32
Completed NSE at 14:32, 0.00s elapsed
Initiating NSE at 14:32
Completed NSE at 14:32, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 14:32
Completed Parallel DNS resolution of 1 host. at 14:32, 0.02s elapsed
Initiating UDP Scan at 14:32
Scanning sv3.isle.ne.jp (211.13.196.135) [14 ports]
Completed UDP Scan at 14:32, 3.98s elapsed (14 total ports)
Initiating Service scan at 14:32
Scanning 12 services on sv3.isle.ne.jp (211.13.196.135)
Service scan Timing: About 8.33% done; ETC: 14:51 (0:17:47 remaining)
Completed Service scan at 14:33, 102.60s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against sv3.isle.ne.jp (211.13.196.135)
Retrying OS detection (try #2) against sv3.isle.ne.jp (211.13.196.135)
Initiating Traceroute at 14:33
Completed Traceroute at 14:34, 7.21s elapsed
Initiating Parallel DNS resolution of 1 host. at 14:34
Completed Parallel DNS resolution of 1 host. at 14:34, 0.00s elapsed
NSE: Script scanning 211.13.196.135.
Initiating NSE at 14:34
Completed NSE at 14:34, 7.27s elapsed
Initiating NSE at 14:34
Completed NSE at 14:34, 1.34s elapsed
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up (0.18s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT ADDRESS
1 171.34 ms 10.252.200.1
2 ... 3
4 170.79 ms 10.252.200.1
5 172.46 ms 10.252.200.1
6 172.45 ms 10.252.200.1
7 172.44 ms 10.252.200.1
8 172.43 ms 10.252.200.1
9 172.43 ms 10.252.200.1
10 172.44 ms 10.252.200.1
11 ... 18
19 185.24 ms 10.252.200.1
20 173.08 ms 10.252.200.1
21 ... 27
28 170.25 ms 10.252.200.1
29 ...
30 171.01 ms 10.252.200.1

NSE: Script Post-scanning.
Initiating NSE at 14:34
Completed NSE at 14:34, 0.00s elapsed
Initiating NSE at 14:34
Completed NSE at 14:34, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 129.05 seconds
 Raw packets sent: 147 (13.614KB) | Rcvd: 99 (21.588KB)
#######################################################################################################################################
Anonymous JTSEC #OpWhales Full Recon #11