· 6 years ago · Aug 11, 2019, 04:02 AM
########################################################################################################################
========================================================================================================================
Hostname: www.sa.zain.com
ISP: MTC KSA
Continent: Asia
Flag: SA
Country: Saudi Arabia
Country Code: SA
Region: Unknown
Local time: 11 Aug 2019 05:38 +03
City: Unknown
Postal Code: Unknown
IP Address: 79.170.50.171
Latitude: 25
Longitude: 45
========================================================================================================================
########################################################################################################################
> www.sa.zain.com
Server: 27.50.70.139
Address: 27.50.70.139#53

Non-authoritative answer:
Name: www.sa.zain.com
Address: 79.170.50.171
>
########################################################################################################################
[+] Target : www.sa.zain.com

[+] IP Address : 79.170.50.171

[+] Headers :

[+] Date : Sun, 11 Aug 2019 02:41:55 GMT
[+] Server : Apache
[+] Last-Modified : Sun, 04 Aug 2019 02:42:40 GMT
[+] Accept-Ranges : bytes
[+] Vary : Accept-Encoding
[+] Content-Encoding : gzip
[+] X-Content-Type-Options : nosniff
[+] X-Frame-Options : sameorigin
[+] X-XSS-Protection : 1; mode=block
[+] Node : wfp02
[+] X-Request-Received : t=1565491315671459
[+] X-Request-Processing-Time : D=772
[+] Content-Length : 328
[+] Keep-Alive : timeout=7, max=25
[+] Connection : Keep-Alive
[+] Content-Type : text/html

[+] SSL Certificate Information :

[+] countryName : KW
[+] stateOrProvinceName : Kuwait
[+] localityName : Safat
[+] organizationName : Mobile Telecommunications Co.
[+] commonName : *.sa.zain.com
[+] countryName : US
[+] organizationName : DigiCert Inc
[+] commonName : DigiCert SHA2 Secure Server CA
[+] Version : 3
[+] Serial Number : 0319E0980592019483B9271EFFC7731B
[+] Not Before : Nov 17 00:00:00 2016 GMT
[+] Not After : Feb 3 12:00:00 2020 GMT
[+] OCSP : ('http://ocsp.digicert.com',)
[+] subject Alt Name : (('DNS', '*.sa.zain.com'), ('DNS', 'sa.zain.com'), ('DNS', 'www.sa.zain.com'), ('DNS', 'shop.sa.zain.com'), ('DNS', 'www.shop.sa.zain.com'), ('DNS', 'websso.sa.zain.com'), ('DNS', 'www.websso.sa.zain.com'), ('DNS', 'pay.sa.zain.com'), ('DNS', 'www.pay.sa.zain.com'), ('DNS', 'corporate.sa.zain.com'), ('DNS', 'www.corporate.sa.zain.com'))
[+] CA Issuers : ('http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt',)
[+] CRL Distribution Points : ('http://crl3.digicert.com/ssca-sha2-g5.crl', 'http://crl4.digicert.com/ssca-sha2-g5.crl')

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : ripencc
[+] ASN : 43766
[+] ASN CIDR : 79.170.50.0/24
[+] ASN Country Code : SA
[+] ASN Date : 2007-09-24
[+] ASN Description : MTC-KSA-AS, SA
[+] cidr : 79.170.48.0/22
[+] name : MTC-KSA
[+] handle : AO4427-RIPE
[+] range : 79.170.48.0 - 79.170.51.255
[+] description : MTC KSA Network
[+] country : SA
[+] state : None
[+] city : None
[+] address : PO Box 295814 Riyadh 11351, Riyadh, KSA
[+] postal_code : None
[+] emails : None
[+] created : 2007-09-25T13:31:20Z
[+] updated : 2015-04-26T10:55:51Z

[+] Crawling Target...

[+] Looking for robots.txt........[ Found ]
[+] Extracting robots Links.......[ 0 ]
[+] Looking for sitemap.xml.......[ Found ]
[+] Extracting sitemap Links......[ 122 ]
[+] Extracting CSS Links..........[ 0 ]
[+] Extracting Javascript Links...[ 0 ]
[+] Extracting Internal Links.....[ 0 ]
[+] Extracting External Links.....[ 0 ]
[+] Extracting Images.............[ 0 ]

[+] Total Links Extracted : 122

[+] Dumping Links in /opt/FinalRecon/dumps/www.sa.zain.com.dump
[+] Completed!
########################################################################################################################
[+] Starting At 2019-08-10 22:43:45.635280
[+] Collecting Information On: https://www.sa.zain.com/autoforms/portal/site
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Apache
[+] Xss Protection Detected !
- Date: Sun, 11 Aug 2019 02:43:50 GMT
- Server: Apache
- Strict-Transport-Security: max-age=86400
- Cache-control: no-cache, no-store, must-revalidate
- Pragma: no-cache
- Content-Type: text/html;charset=UTF-8
- Set-Cookie: JSESSIONID=A5D7994865A743C7128FED84DA919A0C.wfp011;path=/autoforms;Secure;HttpOnly
- Vary: Accept-Encoding
- Content-Encoding: gzip
- X-Content-Type-Options: nosniff
- X-Frame-Options: sameorigin
- X-XSS-Protection: 1; mode=block
- Node: wfp01
- X-Request-Received: t=1565491431012851
- X-Request-Processing-Time: D=27781
- Keep-Alive: timeout=7, max=25
- Connection: Keep-Alive
- Transfer-Encoding: chunked
--------------------------------------------------
[#] Finding Location..!
[#] as: AS30148 Sucuri
[#] city: Menifee
[#] country: United States
[#] countryCode: US
[#] isp: Sucuri
[#] lat: 33.6831
[#] lon: -117.17
[#] org: Sucuri
[#] query: 192.124.249.3
[#] region: CA
[#] regionName: California
[#] status: success
[#] timezone: America/Los_Angeles
[#] zip: 92584
--------------------------------------------------
[x] Didn't Detect WAF Presence on: https://www.sa.zain.com/autoforms/portal/site
--------------------------------------------------
[#] Starting Reverse DNS
[!] Found 214 any Domain
--------------------------------------------------
[!] Scanning Open Port
[#] 80/tcp open http
[#] 443/tcp open https
--------------------------------------------------
[+] Collecting Information Disclosure!
[!] Found 2 Phone Number
[+] +966590000959
[+] +966590000959
[#] Detecting sitemap.xml file
[-] sitemap.xml file not Found!?
[#] Detecting robots.txt file
[-] robots.txt file not Found!?
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: https://www.sa.zain.com/autoforms/portal/site
--------------------------------------------------
[#] Searching Html Form !
[+] Html Form Discovered
[#] action: /search/
[#] class: ['p15', 'clearfix']
[#] id: None
[#] method: None
--------------------------------------------------
[!] Found 5 dom parameter
[#] https://www.sa.zain.com/autoforms/portal/site/#
[#] https://www.sa.zain.com/autoforms/portal/site/#
[#] https://www.sa.zain.com/autoforms/portal/site/#
[#] http://twitter.com/#!/ZainKSA
[#] https://plus.google.com/100676544484937074971/posts#100676544484937074971/posts
--------------------------------------------------
[!] 11 Internal Dynamic Parameter Discovered
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/resources/web/common/css/images/favicon.png?141321M
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/resources/web/common/css/images/favicon.png?141321M
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/csstrh/resources/web/common/scripts/dojo-release-1.10.4-src/util/release/trunk/elementn/websiteall.ar.css.vm?141321M&252666
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/csstrh/resources/web/common/scripts/dojo-release-1.10.4-src/util/release/trunk/elementn/website.css.vm?141321M&252666
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/csstrh/resources/web/common/scripts/dojo-release-1.10.4-src/util/release/trunk/elementn/website2.css.vm?141321M&252666
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/csstrh/resources/web/common/scripts/dojo-release-1.10.4-src/util/release/trunk/elementn/website.ar.css.vm?141321M&252666
[+] https://www.sa.zain.com?141321M
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site?AF_language=en
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site?AF_language=en
[+] https://shop.sa.zain.com/autoforms/portal/site/shop/packages?AF_language=ar
[+] https://shop.sa.zain.com/autoforms/portal/site/shop/devices?AF_language=ar
--------------------------------------------------
[!] 2 External Dynamic Parameter Discovered
[#] https://secure-web.cisco.com/1rflkhiTluIc86-pEMeqRpFNRr1IV_K-3tkZFlybDkmB1nmYVeWWvmizvwdm4oNsaqLuhNckxXopJdDP4g9ooe_maG9E6DKAzsmjnYtYu9_50UUjyirGqDyYxmGJW2J7valhvl1fY5oyoN8xZJ3TVu629D21McDmqIKWHMD7i_enSQxPs1LKmFl2kM8pK44K3JZ61jXZsvqRSOBvRCVS4M8qB8V2NHMpqWN_XGoLUf4BFGBty_h16KXksnVqu-796VVykbc2b3EPXP67SsYRvwA/https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DRoboto?141321M
[#] http://ecol-zain.responsetek.com/collection/collection.aspx?cguid=7af-ddaffba8b31b&langid=22&optionConsumerCustom1=daa-11b1975e77a1&optionConsumerCustom2=b24-1888a203639e
--------------------------------------------------
[!] 32 Internal links Discovered
[+] https://www.sa.zain.com/autoforms/portal/site/zainsa
[+] https://www.sa.zain.com/autoforms/portal/site/investorrelations
[+] https://www.sa.zain.com/autoforms/portal/site/onlinetopup
[+] https://www.sa.zain.com/autoforms/portal/site/onlinepayment
[+] https://www.sa.zain.com/autoforms/portal/site/complaints
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site
[+] https://www.sa.zain.com/autoforms/portal/site/myzain
[+] https://www.sa.zain.com/autoforms/portal/site/javascript:void(0);
[+] https://www.sa.zain.com/autoforms/portal/site/javascript:void(0);
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site
[+] https://www.sa.zain.com/autoforms/portal/site/myzain
[+] https://www.sa.zain.com/autoforms/portal/site/help/howcanwehelp
[+] https://www.sa.zain.com/autoforms/portal/site/help/locateus
[+] https://www.sa.zain.com/autoforms/portal/site/help/coveragemaps
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site/personal
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site/personal/voice_plans
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site/personal/broadband
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site/business
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site/business/voice_plan/postpaid_promotion
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site/business/businesssolutions
[+] https://shop.sa.zain.com/autoforms/portal/home
[+] https://sa.zain.com/autoforms/portal/site/personal/myaccount
[+] https://www.sa.zain.com/autoforms/portal/site/personal/voice_plans/my_account_management/bill
[+] https://sa.zain.com/autoforms/portal/site/myzain
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site/help
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site/help/user_protection
[+] https://www.sa.zain.com/autoforms/portal/site//autoforms/portal/site/help/locateus
[+] https://www.sa.zain.com/autoforms/portal/site/personal/termsandconditions
[+] https://www.sa.zain.com/autoforms/portal/site/personal/privacypolicy
[+] https://www.sa.zain.com/autoforms/portal/site/help/user_protection
[+] https://www.sa.zain.com/autoforms/portal/site/javascript: void(0)
--------------------------------------------------
[!] 6 External links Discovered
[#] http://www.facebook.com/zainsaudiarabia
[#] http://twitter.com/#!/ZainKSA
[#] http://www.linkedin.com/company/zain-ksa
[#] http://www.youtube.com/zainworldtv
[#] https://plus.google.com/100676544484937074971/posts#100676544484937074971/posts
[#] http://instagram.com/zainksa
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 120 Subdomain
--------------------------------------------------
[!] Done At 2019-08-10 22:44:23.605868
########################################################################################################################
[i] Scanning Site: https://www.sa.zain.com

B A S I C I N F O
====================

[+] Site Title:
[+] IP address: 79.170.50.171
[+] Web Server: Apache
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Found

-------------[ contents ]----------------
Sitemap: https://www.sa.zain.com/sitemap.xml

-----------[end of contents]-------------

G E O I P L O O K U P
=========================

[i] IP Address: 79.170.50.171
[i] Country: Saudi Arabia
[i] State:
[i] City:
[i] Latitude: 25.0
[i] Longitude: 45.0

H T T P H E A D E R S
=======================

[i] HTTP/1.1 200 OK
[i] Date: Sun, 11 Aug 2019 02:42:25 GMT
[i] Server: Apache
[i] Strict-Transport-Security: max-age=86400
[i] Last-Modified: Sun, 04 Aug 2019 02:57:53 GMT
[i] Accept-Ranges: bytes
[i] Content-Length: 452
[i] Vary: Accept-Encoding
[i] X-Content-Type-Options: nosniff
[i] X-Frame-Options: sameorigin
[i] X-XSS-Protection: 1; mode=block
[i] Node: wfp01
[i] X-Request-Received: t=1565491345909798
[i] X-Request-Processing-Time: D=467
[i] Connection: close
[i] Content-Type: text/html

D N S L O O K U P
===================

no records found

S U B N E T C A L C U L A T I O N
====================================

Address = 79.170.50.171
Network = 79.170.50.171 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 79.170.50.171 - 79.170.50.171 }

N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 02:42 UTC
Nmap scan report for sa.zain.com (79.170.50.171)
Host is up (0.16s latency).

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 3.48 seconds

S U B - D O M A I N F I N D E R
==================================

[i] Total Subdomains Found : 44
########################################################################################################################
[INFO] ------TARGET info------
[*] TARGET: https://www.sa.zain.com/autoforms/portal/site
[*] TARGET IP: 79.170.50.171
[INFO] NO load balancer detected for www.sa.zain.com...
[*] DNS servers: ns1.sa.zain.com.
[*] TARGET server: Apache
[*] CC: SA
[*] Country: Saudi Arabia
[*] RegionCode: 01
[*] RegionName: Ar Riyāḑ
[*] City: Riyadh
[*] ASN: AS43766
[*] BGP_PREFIX: 79.170.50.0/24
[*] ISP: MTC-KSA-AS MTC KSA, SA
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
[*] Subject: subject=C = KW, ST = Kuwait, L = Safat, O = Mobile Telecommunications Co., CN = *.sa.zain.com
[INFO] DNS enumeration:
[*] api.zain.com zain-prod-prod.apigee.net. rde1rt250-2-routers.dn.apigee.net. 18.197.222.91
[*] blog.zain.com 159.122.21.114
[*] ftp.zain.com 82.199.68.89
[*] mail.zain.com 95.66.103.198
[*] ns1.zain.com 212.43.17.11
[*] ns2.zain.com 212.43.17.12
[*] ns3.zain.com 95.66.17.11
[*] webconf.zain.com 62.209.25.24
[*] webmail.zain.com 95.66.103.244
[INFO] Possible abuse mails are:
[*] abuse-notification@sa.zain.com
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Checking for HTTP status codes recursively from /autoforms/portal/site
[INFO] Status code Folders
[*] 200 http://www.sa.zain.com/autoforms/
[*] 200 http://www.sa.zain.com/autoforms/portal/
[ALERT] robots.txt file FOUND in http://www.sa.zain.com/robots.txt
[INFO] Checking for HTTP status codes recursively from http://www.sa.zain.com/robots.txt
[INFO] Status code Folders
[INFO] Starting FUZZing in http://www.sa.zain.com/FUzZzZzZzZz...
[INFO] Status code Folders
[ALERT] Look in the source code. It may contain passwords
[INFO] SAME content in http://www.sa.zain.com/ AND http://79.170.50.171/
[INFO] Links found from https://www.sa.zain.com/autoforms/portal/site:
[*] http://ecol-zain.responsetek.com/collection/collection.aspx?cguid=7af-ddaffba8b31b&langid=22&optionConsumerCustom1=daa-11b1975e77a1&optionConsumerCustom2=b24-1888a203639e
[*] http://instagram.com/zainksa
[*] https://plus.google.com/100676544484937074971/posts#100676544484937074971/posts
[*] https://sa.zain.com/autoforms/portal/site/myzain
[*] https://sa.zain.com/autoforms/portal/site/personal/myaccount
[*] https://shop.sa.zain.com/autoforms/portal/home
[*] https://shop.sa.zain.com/autoforms/portal/site/shop/devices?AF_language=ar
[*] https://shop.sa.zain.com/autoforms/portal/site/shop/packages?AF_language=ar
[*] https://www.sa.zain.com/?141321M
[*] https://www.sa.zain.com/autoforms/portal/site
[*] https://www.sa.zain.com/autoforms/portal/site?AF_language=en
[*] https://www.sa.zain.com/autoforms/portal/site/business
[*] https://www.sa.zain.com/autoforms/portal/site/business/businesssolutions
[*] https://www.sa.zain.com/autoforms/portal/site/business/voice_plan/postpaid_promotion
[*] https://www.sa.zain.com/autoforms/portal/site/complaints
[*] https://www.sa.zain.com/autoforms/portal/site/help
[*] https://www.sa.zain.com/autoforms/portal/site/help/coveragemaps
[*] https://www.sa.zain.com/autoforms/portal/site/help/howcanwehelp
[*] https://www.sa.zain.com/autoforms/portal/site/help/locateus
[*] https://www.sa.zain.com/autoforms/portal/site/help/user_protection
[*] https://www.sa.zain.com/autoforms/portal/site/investorrelations
[*] https://www.sa.zain.com/autoforms/portal/site/myzain
[*] https://www.sa.zain.com/autoforms/portal/site/onlinepayment
[*] https://www.sa.zain.com/autoforms/portal/site/onlinetopup
[*] https://www.sa.zain.com/autoforms/portal/site/personal
[*] https://www.sa.zain.com/autoforms/portal/site/personal/broadband
[*] https://www.sa.zain.com/autoforms/portal/site/personal/privacypolicy
[*] https://www.sa.zain.com/autoforms/portal/site/personal/termsandconditions
[*] https://www.sa.zain.com/autoforms/portal/site/personal/voice_plans
[*] https://www.sa.zain.com/autoforms/portal/site/personal/voice_plans/my_account_management/bill
[*] https://www.sa.zain.com/autoforms/portal/site/zainsa
[*] http://twitter.com/#!/ZainKSA
[*] http://www.facebook.com/zainsaudiarabia
[*] http://www.linkedin.com/company/zain-ksa
[*] http://www.youtube.com/zainworldtv
[INFO] GOOGLE has 11,100,000 results (0.34 seconds) about http://www.sa.zain.com/
[INFO] Shodan detected the following opened ports on 79.170.50.171:
[*] 443
[*] 80
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[*] Total Sites
[INFO] Useful links related to www.sa.zain.com - 79.170.50.171:
[*] https://www.virustotal.com/pt/ip-address/79.170.50.171/information/
[*] https://www.hybrid-analysis.com/search?host=79.170.50.171
[*] https://www.shodan.io/host/79.170.50.171
[*] https://www.senderbase.org/lookup/?search_string=79.170.50.171
[*] https://www.alienvault.com/open-threat-exchange/ip/79.170.50.171
[*] http://pastebin.com/search?q=79.170.50.171
[*] http://urlquery.net/search.php?q=79.170.50.171
[*] http://www.alexa.com/siteinfo/www.sa.zain.com
[*] http://www.google.com/safebrowsing/diagnostic?site=www.sa.zain.com
[*] https://censys.io/ipv4/79.170.50.171
[*] https://www.abuseipdb.com/check/79.170.50.171
[*] https://urlscan.io/search/#79.170.50.171
[*] https://github.com/search?q=79.170.50.171&type=Code
[INFO] Useful links related to AS43766 - 79.170.50.0/24:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:43766
[*] https://www.senderbase.org/lookup/?search_string=79.170.50.0/24
[*] http://bgp.he.net/AS43766
[*] https://stat.ripe.net/AS43766
[INFO] Date: 10/08/19 | Time: 22:46:27
[INFO] Total time: 2 minute(s) and 39 second(s)
########################################################################################################################
<<>> DiG 9.11.5-P4-5.1-Debian <<>> +trace sa.zain.com
;; global options: +cmd
. 84934 IN NS l.root-servers.net.
. 84934 IN NS i.root-servers.net.
. 84934 IN NS d.root-servers.net.
. 84934 IN NS k.root-servers.net.
. 84934 IN NS b.root-servers.net.
. 84934 IN NS g.root-servers.net.
. 84934 IN NS m.root-servers.net.
. 84934 IN NS c.root-servers.net.
. 84934 IN NS e.root-servers.net.
. 84934 IN NS f.root-servers.net.
. 84934 IN NS a.root-servers.net.
. 84934 IN NS h.root-servers.net.
. 84934 IN NS j.root-servers.net.
948;; Received 525 bytes from 27.50.70.139#53(27.50.70.139) in 313 ms
949
950com. 172800 IN NS a.gtld-servers.net.
951com. 172800 IN NS e.gtld-servers.net.
952com. 172800 IN NS f.gtld-servers.net.
953com. 172800 IN NS d.gtld-servers.net.
954com. 172800 IN NS b.gtld-servers.net.
955com. 172800 IN NS i.gtld-servers.net.
956com. 172800 IN NS c.gtld-servers.net.
957com. 172800 IN NS g.gtld-servers.net.
958com. 172800 IN NS l.gtld-servers.net.
959com. 172800 IN NS h.gtld-servers.net.
960com. 172800 IN NS j.gtld-servers.net.
961com. 172800 IN NS k.gtld-servers.net.
962com. 172800 IN NS m.gtld-servers.net.
963com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
965;; Received 1199 bytes from 192.33.4.12#53(c.root-servers.net) in 303 ms
966
967zain.com. 172800 IN NS ns1.zain.com.
968zain.com. 172800 IN NS ns2.zain.com.
969zain.com. 172800 IN NS ns3.zain.com.
970zain.com. 172800 IN NS ns4.zain.com.
975;; Received 661 bytes from 2001:503:39c1::30#53(i.gtld-servers.net) in 38 ms
976
977sa.zain.com. 28800 IN NS ns1.sa.zain.com.
978sa.zain.com. 28800 IN NS ns2.sa.zain.com.
979;; Received 108 bytes from 212.43.17.12#53(ns2.zain.com) in 541 ms
980
981sa.zain.com. 360 IN A 79.170.50.171
982sa.zain.com. 360 IN NS ns1.sa.zain.com.
983sa.zain.com. 360 IN NS ns2.sa.zain.com.
984;; Received 124 bytes from 79.170.50.4#53(ns2.sa.zain.com) in 522 ms
985#######################################################################################################################################
986[*] Performing General Enumeration of Domain: sa.zain.com
987[-] DNSSEC is not configured for sa.zain.com
988[*] SOA ns1.sa.zain.com 79.170.50.3
989[*] NS ns2.sa.zain.com 79.170.50.4
990[*] Bind Version for 79.170.50.4
991[*] NS ns1.sa.zain.com 79.170.50.3
992[*] Bind Version for 79.170.50.3
993[*] MX mail-a.sa.zain.com 79.170.50.8
994[*] MX mail-b.sa.zain.com 79.170.50.12
995[*] A sa.zain.com 79.170.50.171
996[*] TXT sa.zain.com v=spf1 ip4:213.208.241.10 ip4:82.199.76.30 ip4:79.170.50.9 ip4:79.170.50.5 ip4:82.199.68.90 ip4:82.199.68.91 ip4:95.66.103.198 ip4:79.170.50.8 ip4:79.170.50.12 ip4:185.23.127.16 ip4:185.23.127.17 include:spf.protection.outlook.com -all
997[*] TXT sa.zain.com googled20aa62c41c746da
998[*] TXT sa.zain.com MS=ms66547090
999[*] Enumerating SRV Records
1000[*] SRV _sip._udp.sa.zain.com vc.sa.zain.com 79.170.50.181 5060 10
1001[*] SRV _sips._tcp.sa.zain.com vc.sa.zain.com 79.170.50.181 5061 10
1002[*] SRV _sip._tcp.sa.zain.com vc.sa.zain.com 79.170.50.181 5060 10
1003[*] SRV _h323cs._tcp.sa.zain.com vc.sa.zain.com 79.170.50.181 1720 10
1004[*] SRV _h323ls._udp.sa.zain.com vc.sa.zain.com 79.170.50.181 1719 10
1005[*] SRV _sip._tls.sa.zain.com sip.sa.zain.com 79.170.50.181 443 1
1006[*] SRV _xmpp-client._tcp.sa.zain.com xmpp.sa.zain.com 79.170.50.162 5222 1
1007[+] 7 Records Found
1008#######################################################################################################################################
1009[*] Processing domain sa.zain.com
1010[*] Using system resolvers ['27.50.70.139', '38.132.106.139', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
1011[+] Getting nameservers
101279.170.50.4 - ns2.sa.zain.com
101379.170.50.3 - ns1.sa.zain.com
1014[-] Zone transfer failed
1015
1016[+] TXT records found
1017"v=spf1 ip4:213.208.241.10 ip4:82.199.76.30 ip4:79.170.50.9 ip4:79.170.50.5 ip4:82.199.68.90 ip4:82.199.68.91 ip4:95.66.103.198 ip4:79.170.50.8 ip4:79.170.50.12 ip4:185.23.127.16 ip4:185.23.127.17 include:spf.protection.outlook.com -all"
1018"googled20aa62c41c746da"
1019"MS=ms66547090"
1020
1021[+] MX records found, added to target list
102210 mail-a.sa.zain.com.
102310 mail-b.sa.zain.com.
1024
1025[*] Scanning sa.zain.com for A records
102679.170.50.171 - sa.zain.com
102779.170.50.8 - mail-a.sa.zain.com
102879.170.50.12 - mail-b.sa.zain.com
1029185.23.124.17 - access.sa.zain.com
103079.170.50.211 - archive.sa.zain.com
103179.170.50.7 - autodiscover.sa.zain.com
103213.94.136.248 - careers.sa.zain.com
103379.170.50.206 - corporate.sa.zain.com
103479.170.50.19 - demo.sa.zain.com
103579.170.50.7 - mail.sa.zain.com
103679.170.50.210 - media.sa.zain.com
103710.122.200.12 - mm.sa.zain.com
103879.170.50.3 - ns1.sa.zain.com
103979.170.50.4 - ns2.sa.zain.com
104079.170.50.188 - owa.sa.zain.com
104179.170.50.205 - pay.sa.zain.com
104292.62.165.132 - share.sa.zain.com
104379.170.50.23 - shop.sa.zain.com
104479.170.50.181 - sip.sa.zain.com
104579.170.50.171 - static1.sa.zain.com
104679.170.50.171 - static2.sa.zain.com
104779.170.50.181 - vc.sa.zain.com
104810.158.6.99 - wap.sa.zain.com
104979.170.50.171 - www.sa.zain.com
105079.170.50.31 - www1.sa.zain.com
1051#########################################################################################################################################
1052
1053 AVAILABLE PLUGINS
1054 -----------------
1055
1056 EarlyDataPlugin
1057 SessionResumptionPlugin
1058 CertificateInfoPlugin
1059 OpenSslCipherSuitesPlugin
1060 HeartbleedPlugin
1061 RobotPlugin
1062 CompressionPlugin
1063 HttpHeadersPlugin
1064 FallbackScsvPlugin
1065 OpenSslCcsInjectionPlugin
1066 SessionRenegotiationPlugin
1067
1068
1069
1070 CHECKING HOST(S) AVAILABILITY
1071 -----------------------------
1072
1073 79.170.50.171:443 => 79.170.50.171
1074
1075
1076
1077
1078 SCAN RESULTS FOR 79.170.50.171:443 - 79.170.50.171
1079 --------------------------------------------------
1080
1081 * TLSV1_3 Cipher Suites:
1082 Server rejected all cipher suites.
1083
1084 * TLS 1.2 Session Resumption Support:
1085 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
1086 With TLS Tickets: ERROR: timeout - timed out
1087
1088 * Certificate Information:
1089 Content
1090 SHA1 Fingerprint: 135045ed8d0354ac4064561f88b4571f336773da
1091 Common Name: *.sa.zain.com
1092 Issuer: DigiCert SHA2 Secure Server CA
1093 Serial Number: 4122046712973974132525689677583708955
1094 Not Before: 2016-11-17 00:00:00
1095 Not After: 2020-02-03 12:00:00
1096 Signature Algorithm: sha256
1097 Public Key Algorithm: RSA
1098 Key Size: 2048
1099 Exponent: 65537 (0x10001)
1100 DNS Subject Alternative Names: ['*.sa.zain.com', 'sa.zain.com', 'www.sa.zain.com', 'shop.sa.zain.com', 'www.shop.sa.zain.com', 'websso.sa.zain.com', 'www.websso.sa.zain.com', 'pay.sa.zain.com', 'www.pay.sa.zain.com', 'corporate.sa.zain.com', 'www.corporate.sa.zain.com']
1101
1102 Trust
1103 Hostname Validation: FAILED - Certificate does NOT match 79.170.50.171
1104 Android CA Store (9.0.0_r9): OK - Certificate is trusted
1105 iOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
1106 Java CA Store (jdk-11.0.2): OK - Certificate is trusted
1107 macOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
1108 Mozilla CA Store (2018-11-22): OK - Certificate is trusted
1109 OPENJDK CA Store (jdk-11.0.2): OK - Certificate is trusted
1110 Windows CA Store (2018-12-08): OK - Certificate is trusted
1111 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
1112 Received Chain: *.sa.zain.com --> DigiCert SHA2 Secure Server CA
1113 Verified Chain: *.sa.zain.com --> DigiCert SHA2 Secure Server CA --> DigiCert Global Root CA
1114 Received Chain Contains Anchor: OK - Anchor certificate not sent
1115 Received Chain Order: OK - Order is valid
1116 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
1117
1118 Extensions
1119 OCSP Must-Staple: NOT SUPPORTED - Extension not found
1120 Certificate Transparency: NOT SUPPORTED - Extension not found
1121
1122 OCSP Stapling
1123 NOT SUPPORTED - Server did not send back an OCSP response
1124
1125 * OpenSSL Heartbleed:
1126 OK - Not vulnerable to Heartbleed
1127
1128 * TLSV1_1 Cipher Suites:
1129 Server rejected all cipher suites.
1130 Undefined - An unexpected error happened:
1131 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA timeout - timed out
1132 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA timeout - timed out
1133 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA timeout - timed out
1134
1135 * ROBOT Attack:
1136Unhandled exception while running --robot:
1137timeout - timed out
1138
1139 * TLSV1_2 Cipher Suites:
1140 Forward Secrecy OK - Supported
1141 RC4 OK - Not Supported
1142
1143 Preferred:
1144 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1145 Accepted:
1146 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1147 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
1148 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1149 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1150 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1151 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1152 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1153 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
1154 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1155 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1156 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1157 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1158 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1159 TLS_DHE_RSA_WITH_AES_256_CCM 256 bits HTTP 200 OK
1160 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
1161 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1162 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1163 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1164 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1165 RSA_WITH_AES_256_CCM_8 256 bits HTTP 200 OK
1166 RSA_WITH_AES_256_CCM 256 bits HTTP 200 OK
1167 RSA_WITH_AES_128_CCM_8 128 bits HTTP 200 OK
1168 DHE_RSA_WITH_AES_256_CCM_8 256 bits HTTP 200 OK
1169 DHE_RSA_WITH_AES_128_CCM_8 128 bits HTTP 200 OK
1170 DHE_RSA_WITH_AES_128_CCM 128 bits HTTP 200 OK
1171 Undefined - An unexpected error happened:
1172 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA timeout - timed out
1173 RSA_WITH_AES_128_CCM timeout - timed out
1174
1175 * Deflate Compression:
1176 OK - Compression disabled
1177
1178 * SSLV2 Cipher Suites:
1179 Server rejected all cipher suites.
1180 Undefined - An unexpected error happened:
1181 SSL_CK_RC2_128_CBC_WITH_MD5 timeout - timed out
1182 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 timeout - timed out
1183 SSL_CK_DES_64_CBC_WITH_MD5 timeout - timed out
1184
1185 * Downgrade Attacks:
1186 TLS_FALLBACK_SCSV: OK - Supported
1187
1188 * OpenSSL CCS Injection:
1189 OK - Not vulnerable to OpenSSL CCS injection
1190
1191 * Session Renegotiation:
1192 Client-initiated Renegotiation: OK - Rejected
1193 Secure Renegotiation: OK - Supported
1194
1195 * TLSV1 Cipher Suites:
1196 Server rejected all cipher suites.
1197 Undefined - An unexpected error happened:
1198 TLS_ECDH_anon_WITH_AES_128_CBC_SHA timeout - timed out
1199 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 timeout - timed out
1200 TLS_DH_anon_WITH_RC4_128_MD5 timeout - timed out
1201 TLS_DHE_RSA_WITH_AES_256_CBC_SHA timeout - timed out
1202 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
1203 TLS_DHE_DSS_WITH_AES_256_CBC_SHA timeout - timed out
1204
1205 * SSLV3 Cipher Suites:
1206 Server rejected all cipher suites.
1207 Undefined - An unexpected error happened:
1208 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA timeout - timed out
1209 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 timeout - timed out
1210 TLS_DH_RSA_WITH_AES_128_CBC_SHA256 timeout - timed out
1211
1212
1213 SCAN COMPLETED IN 88.24 S
1214 -------------------------
1215#######################################################################################################################################
1216Domains still to check: 1
1217 Checking if the hostname sa.zain.com. given is in fact a domain...
1218
1219Analyzing domain: sa.zain.com.
1220 Checking NameServers using system default resolver...
1221 IP: 79.170.50.4 (Saudi Arabia)
1222 HostName: ns2.sa.zain.com Type: NS
1223 HostName: ns2.sa.zain.com Type: PTR
1224 IP: 79.170.50.3 (Saudi Arabia)
1225 HostName: ns1.sa.zain.com Type: NS
1226 HostName: ns1.sa.zain.com Type: PTR
1227
1228 Checking MailServers using system default resolver...
1229 IP: 79.170.50.12 (Saudi Arabia)
1230 HostName: mail-b.sa.zain.com Type: MX
1231 HostName: mail-b.sa.zain.com Type: PTR
1232 IP: 79.170.50.8 (Saudi Arabia)
1233 HostName: mail-a.sa.zain.com Type: MX
1234 HostName: mail-a.sa.zain.com Type: PTR
1235
1236 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
1237 No zone transfer found on nameserver 79.170.50.4
1238 No zone transfer found on nameserver 79.170.50.3
1239
1240 Checking SPF record...
1241 New IP found: 213.208.241.10
1242 New IP found: 82.199.76.30
1243 New IP found: 79.170.50.9
1244 New IP found: 79.170.50.5
1245 New IP found: 82.199.68.90
1246 New IP found: 82.199.68.91
1247 New IP found: 95.66.103.198
1248 New IP found: 185.23.127.16
1249 New IP found: 185.23.127.17
1250
1251 Checking SPF record...
1252 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 207.46.100.0/24, but only the network IP
1253 New IP found: 207.46.100.0
1254 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 207.46.163.0/24, but only the network IP
1255 New IP found: 207.46.163.0
1256 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 65.55.169.0/24, but only the network IP
1257 New IP found: 65.55.169.0
1258 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 157.56.110.0/23, but only the network IP
1259 New IP found: 157.56.110.0
1260 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 157.55.234.0/24, but only the network IP
1261 New IP found: 157.55.234.0
1262 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 213.199.154.0/24, but only the network IP
1263 New IP found: 213.199.154.0
1264 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 213.199.180.128/26, but only the network IP
1265 New IP found: 213.199.180.128
1266 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 52.100.0.0/14, but only the network IP
1267 New IP found: 52.100.0.0
1268
1269 Checking SPF record...
1270 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 157.56.112.0/24, but only the network IP
1271 New IP found: 157.56.112.0
1272 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 207.46.51.64/26, but only the network IP
1273 New IP found: 207.46.51.64
1274 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 64.4.22.64/26, but only the network IP
1275 New IP found: 64.4.22.64
1276 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.92.0.0/15, but only the network IP
1277 New IP found: 40.92.0.0
1278 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.107.0.0/16, but only the network IP
1279 New IP found: 40.107.0.0
1280 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 134.170.140.0/24, but only the network IP
1281 New IP found: 134.170.140.0
1282
1283 Checking SPF record...
1284 There are no IPv4 addresses in the SPF. Maybe IPv6.
1285 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 23.103.128.0/19, but only the network IP
1286 New IP found: 23.103.128.0
1287 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 23.103.198.0/23, but only the network IP
1288 New IP found: 23.103.198.0
1289 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 65.55.88.0/24, but only the network IP
1290 New IP found: 65.55.88.0
1291 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 104.47.0.0/17, but only the network IP
1292 New IP found: 104.47.0.0
1293 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 23.103.200.0/21, but only the network IP
1294 New IP found: 23.103.200.0
1295 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 23.103.208.0/21, but only the network IP
1296 New IP found: 23.103.208.0
1297 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 23.103.191.0/24, but only the network IP
1298 New IP found: 23.103.191.0
1299 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 216.32.180.0/23, but only the network IP
1300 New IP found: 216.32.180.0
1301 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 94.245.120.64/26, but only the network IP
1302 New IP found: 94.245.120.64
1303 New hostname found: 2202::/48
1304 There are no IPv4 addresses in the SPF. Maybe IPv6.
1305
1306 Checking 193 most common hostnames using system default resolver...
1307 IP: 79.170.50.171 (Saudi Arabia)
1308 HostName: www.sa.zain.com. Type: A
1309 IP: 79.170.50.7 (Saudi Arabia)
1310 HostName: mail.sa.zain.com. Type: A
1311 IP: 79.170.50.3 (Saudi Arabia)
1312 HostName: ns1.sa.zain.com Type: NS
1313 HostName: ns1.sa.zain.com Type: PTR
1314 HostName: ns1.sa.zain.com. Type: A
1315 IP: 79.170.50.4 (Saudi Arabia)
1316 HostName: ns2.sa.zain.com Type: NS
1317 HostName: ns2.sa.zain.com Type: PTR
1318 HostName: ns2.sa.zain.com. Type: A
1319 IP: 79.170.50.188 (Saudi Arabia)
1320 HostName: owa.sa.zain.com. Type: A
1321 IP: 79.170.50.31 (Saudi Arabia)
1322 HostName: www1.sa.zain.com. Type: A
1323
1324 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1354
1355 Searching for sa.zain.com. emails in Google
1356 walid.soliman@sa.zain.com
1357 cc@sa.zain.com&
1358 khalid.mohammed@sa.zain.com&
1359 Bander.alghamdi@sa.zain.com.
1360 investor.relations@sa.zain.com.
1361 abdullah.aladil@sa.zain.com
1362
1363 Checking 40 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1404
1405 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1406 Scanning ip 65.55.169.0 ():
1407 Scanning ip 52.100.0.0 ():
1408 Scanning ip 82.199.76.30 ():
1409 Scanning ip 79.170.50.171 (www.sa.zain.com.):
1410 80/tcp open http syn-ack ttl 230 Apache httpd
1411 | http-methods:
1412 |_ Supported Methods: HEAD
1413 |_http-server-header: Apache
1414 |_http-title: Site doesn't have a title (text/html).
1415 443/tcp open ssl/http syn-ack ttl 230 Apache httpd
1416 |_http-title: 400 Bad Request
1417 | ssl-cert: Subject: commonName=*.sa.zain.com/organizationName=Mobile Telecommunications Co./stateOrProvinceName=Kuwait/countryName=KW
1418 | Subject Alternative Name: DNS:*.sa.zain.com, DNS:sa.zain.com, DNS:www.sa.zain.com, DNS:shop.sa.zain.com, DNS:www.shop.sa.zain.com, DNS:websso.sa.zain.com, DNS:www.websso.sa.zain.com, DNS:pay.sa.zain.com, DNS:www.pay.sa.zain.com, DNS:corporate.sa.zain.com, DNS:www.corporate.sa.zain.com
1419 | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
1420 | Public Key type: rsa
1421 | Public Key bits: 2048
1422 | Signature Algorithm: sha256WithRSAEncryption
1423 | Not valid before: 2016-11-17T00:00:00
1424 | Not valid after: 2020-02-03T12:00:00
1425 | MD5: 29a9 fe83 d8ad 5ed3 c0dc 56a0 2542 379b
1426 |_SHA-1: 1350 45ed 8d03 54ac 4064 561f 88b4 571f 3367 73da
1427 | tls-alpn:
1428 | http/1.1
1429 |_ http/1.1
1430 Device type: general purpose|WAP
1431 Scanning ip 65.55.88.0 ():
1432 Scanning ip 207.46.100.0 ():
1433 Scanning ip 157.55.234.0 ():
1434 Scanning ip 185.23.127.17 ():
1435 Scanning ip 185.23.127.16 ():
1436 Scanning ip 23.103.198.0 ():
1437 Scanning ip 82.199.68.90 ():
1438 Scanning ip 82.199.68.91 ():
1439 Scanning ip 40.107.0.0 ():
1440 Scanning ip 23.103.128.0 ():
1441 Scanning ip 79.170.50.188 (owa.sa.zain.com.):
1442 443/tcp open ssl/https? syn-ack ttl 99
1443 |_ssl-date: 2019-08-11T03:06:52+00:00; +2s from scanner time.
1444 | sslv2:
1445 | SSLv2 supported
1446 | ciphers:
1447 | SSL2_RC4_128_WITH_MD5
1448 |_ SSL2_DES_192_EDE3_CBC_WITH_MD5
1449 Device type: general purpose|WAP
1450 Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista (85%)
1451 |_clock-skew: mean: 1s, deviation: 0s, median: 1s
1452 Scanning ip 64.4.22.64 ():
1453 Scanning ip 157.56.110.0 ():
1454 Scanning ip 23.103.208.0 ():
1455 Scanning ip 157.56.112.0 ():
1456 Scanning ip 79.170.50.7 (mail.sa.zain.com.):
1457 443/tcp open ssl/https? syn-ack ttl 101
1458 |_ssl-date: 2019-08-11T03:09:38+00:00; +2s from scanner time.
1459 | sslv2:
1460 | SSLv2 supported
1461 | ciphers:
1462 | SSL2_RC4_128_WITH_MD5
1463 |_ SSL2_DES_192_EDE3_CBC_WITH_MD5
1464 Device type: general purpose|WAP
1465 Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista (85%)
1466 |_clock-skew: mean: 1s, deviation: 0s, median: 1s
1467 Scanning ip 79.170.50.4 (ns2.sa.zain.com.):
1468 53/tcp open domain syn-ack ttl 39 (unknown banner:)
1469 | dns-nsid:
1470 |_ bind.version:
1471 | fingerprint-strings:
1472 | DNSVersionBindReqTCP:
1473 | version
1474 |_ bind
1475 Scanning ip 79.170.50.5 ():
1476 Scanning ip 79.170.50.3 (ns1.sa.zain.com.):
1477 53/tcp open domain syn-ack ttl 39 (unknown banner:)
1478 | dns-nsid:
1479 |_ bind.version:
1480 | fingerprint-strings:
1481 | DNSVersionBindReqTCP:
1482 | version
1483 |_ bind
1484 Scanning ip 207.46.163.0 ():
1485 Scanning ip 134.170.140.0 ():
1486 Scanning ip 213.199.154.0 ():
1487 Scanning ip 79.170.50.8 (mail-a.sa.zain.com (PTR)):
1488 Scanning ip 79.170.50.9 ():
1489 Scanning ip 95.66.103.198 ():
1490 Scanning ip 23.103.191.0 ():
1491 Scanning ip 79.170.50.31 (www1.sa.zain.com.):
1492 Scanning ip 79.170.50.12 (mail-b.sa.zain.com (PTR)):
1493 Scanning ip 40.92.0.0 ():
1494 Scanning ip 94.245.120.64 ():
1495 Scanning ip 216.32.180.0 ():
1496 Scanning ip 213.208.241.10 ():
1497 Scanning ip 207.46.51.64 ():
1498 Scanning ip 104.47.0.0 ():
1499 Scanning ip 213.199.180.128 ():
1500 Scanning ip 23.103.200.0 ():
1501 WebCrawling domain's web servers... up to 50 max links.
1502
1503 + URL to crawl: http://www.sa.zain.com.
1504 + Date: 2019-08-10
1505
1506 + Crawling URL: http://www.sa.zain.com.:
1507 + Links:
1508 + Crawling http://www.sa.zain.com. (REDIRECTING TO: autoforms/portal/site/personal)
1509 + Searching for directories...
1510 + Searching open folders...
1511
1512
1513 + URL to crawl: https://www.sa.zain.com.
1514 + Date: 2019-08-10
1515
1516 + Crawling URL: https://www.sa.zain.com.:
1517 + Links:
1518 + Crawling https://www.sa.zain.com.
1519 + Searching for directories...
1520 + Searching open folders...
1521
1522--Finished--
1523Summary information for domain sa.zain.com.
1524-----------------------------------------
1525 Domain Specific Information:
1526 Email: walid.soliman@sa.zain.com
1527 Email: cc@sa.zain.com&
1528 Email: khalid.mohammed@sa.zain.com&
1529 Email: Bander.alghamdi@sa.zain.com.
1530 Email: investor.relations@sa.zain.com.
1531 Email: abdullah.aladil@sa.zain.com
1532
1533 Domain Ips Information:
1534 IP: 65.55.169.0
1535 Type: SPF
1536 Is Active: True (reset ttl 64)
1537 IP: 52.100.0.0
1538 Type: SPF
1539 Is Active: True (reset ttl 64)
1540 IP: 82.199.76.30
1541 Type: SPF
1542 Is Active: True (reset ttl 64)
1543 IP: 79.170.50.171
1544 HostName: www.sa.zain.com. Type: A
1545 Country: Saudi Arabia
1546 Is Active: True (reset ttl 64)
1547 Port: 80/tcp open http syn-ack ttl 230 Apache httpd
1548 Script Info: | http-methods:
1549 Script Info: |_ Supported Methods: HEAD
1550 Script Info: |_http-server-header: Apache
1551 Script Info: |_http-title: Site doesn't have a title (text/html).
1552 Port: 443/tcp open ssl/http syn-ack ttl 230 Apache httpd
1553 Script Info: |_http-title: 400 Bad Request
1554 Script Info: | ssl-cert: Subject: commonName=*.sa.zain.com/organizationName=Mobile Telecommunications Co./stateOrProvinceName=Kuwait/countryName=KW
1555 Script Info: | Subject Alternative Name: DNS:*.sa.zain.com, DNS:sa.zain.com, DNS:www.sa.zain.com, DNS:shop.sa.zain.com, DNS:www.shop.sa.zain.com, DNS:websso.sa.zain.com, DNS:www.websso.sa.zain.com, DNS:pay.sa.zain.com, DNS:www.pay.sa.zain.com, DNS:corporate.sa.zain.com, DNS:www.corporate.sa.zain.com
1556 Script Info: | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
1557 Script Info: | Public Key type: rsa
1558 Script Info: | Public Key bits: 2048
1559 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1560 Script Info: | Not valid before: 2016-11-17T00:00:00
1561 Script Info: | Not valid after: 2020-02-03T12:00:00
1562 Script Info: | MD5: 29a9 fe83 d8ad 5ed3 c0dc 56a0 2542 379b
1563 Script Info: |_SHA-1: 1350 45ed 8d03 54ac 4064 561f 88b4 571f 3367 73da
1564 Script Info: | tls-alpn:
1565 Script Info: | http/1.1
1566 Script Info: |_ http/1.1
1567 Script Info: Device type: general purpose|WAP
1598 IP: 79.170.50.188
1599 HostName: owa.sa.zain.com. Type: A
1600 Country: Saudi Arabia
1601 Is Active: True (reset ttl 64)
1602 Port: 443/tcp open ssl/https? syn-ack ttl 99
1603 Script Info: |_ssl-date: 2019-08-11T03:06:52+00:00; +2s from scanner time.
1604 Script Info: | sslv2:
1605 Script Info: | SSLv2 supported
1606 Script Info: | ciphers:
1607 Script Info: | SSL2_RC4_128_WITH_MD5
1608 Script Info: |_ SSL2_DES_192_EDE3_CBC_WITH_MD5
1609 Script Info: Device type: general purpose|WAP
1610 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista (85%)
1611 Script Info: |_clock-skew: mean: 1s, deviation: 0s, median: 1s
1624 IP: 79.170.50.7
1625 HostName: mail.sa.zain.com. Type: A
1626 Country: Saudi Arabia
1627 Is Active: True (reset ttl 64)
1628 Port: 443/tcp open ssl/https? syn-ack ttl 101
1629 Script Info: |_ssl-date: 2019-08-11T03:09:38+00:00; +2s from scanner time.
1630 Script Info: | sslv2:
1631 Script Info: | SSLv2 supported
1632 Script Info: | ciphers:
1633 Script Info: | SSL2_RC4_128_WITH_MD5
1634 Script Info: |_ SSL2_DES_192_EDE3_CBC_WITH_MD5
1635 Script Info: Device type: general purpose|WAP
1636 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista (85%)
1637 Script Info: |_clock-skew: mean: 1s, deviation: 0s, median: 1s
1638 IP: 79.170.50.4
1639 HostName: ns2.sa.zain.com Type: NS
1640 HostName: ns2.sa.zain.com Type: PTR
1641 HostName: ns2.sa.zain.com. Type: A
1642 Country: Saudi Arabia
1643 Is Active: True (reset ttl 64)
1644 Port: 53/tcp open domain syn-ack ttl 39 (unknown banner:)
1645 Script Info: | dns-nsid:
1646 Script Info: |_ bind.version:
1647 Script Info: | fingerprint-strings:
1648 Script Info: | DNSVersionBindReqTCP:
1649 Script Info: | version
1650 Script Info: |_ bind
1651 IP: 79.170.50.5
1652 Type: SPF
1653 Is Active: True (reset ttl 64)
1654 IP: 79.170.50.3
1655 HostName: ns1.sa.zain.com Type: NS
1656 HostName: ns1.sa.zain.com Type: PTR
1657 HostName: ns1.sa.zain.com. Type: A
1658 Country: Saudi Arabia
1659 Is Active: True (reset ttl 64)
1660 Port: 53/tcp open domain syn-ack ttl 39 (unknown banner:)
1661 Script Info: | dns-nsid:
1662 Script Info: |_ bind.version:
1663 Script Info: | fingerprint-strings:
1664 Script Info: | DNSVersionBindReqTCP:
1665 Script Info: | version
1666 Script Info: |_ bind
1676 IP: 79.170.50.8
1677 HostName: mail-a.sa.zain.com Type: MX
1678 HostName: mail-a.sa.zain.com Type: PTR
1679 Type: SPF
1680 Country: Saudi Arabia
1681 Is Active: True (reset ttl 64)
1691 IP: 79.170.50.31
1692 HostName: www1.sa.zain.com. Type: A
1693 Country: Saudi Arabia
1694 Is Active: True (reset ttl 64)
1695 IP: 79.170.50.12
1696 HostName: mail-b.sa.zain.com Type: MX
1697 HostName: mail-b.sa.zain.com Type: PTR
1698 Type: SPF
1699 Country: Saudi Arabia
1700 Is Active: True (reset ttl 64)
1725#######################################################################################################################################
1726Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-10 22:48 EDT
1727Nmap scan report for 79.170.50.171
1728Host is up (0.52s latency).
1729Not shown: 471 filtered ports, 3 closed ports
1730Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1731PORT STATE SERVICE
173280/tcp open http
1733443/tcp open https
1734#######################################################################################################################################
1735Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-10 22:50 EDT
1736Nmap scan report for 79.170.50.171
1737Host is up (0.20s latency).
1738Not shown: 2 filtered ports
1739PORT STATE SERVICE
174053/udp open|filtered domain
174167/udp open|filtered dhcps
174268/udp open|filtered dhcpc
174369/udp open|filtered tftp
174488/udp open|filtered kerberos-sec
1745123/udp open|filtered ntp
1746139/udp open|filtered netbios-ssn
1747161/udp open|filtered snmp
1748162/udp open|filtered snmptrap
1749389/udp open|filtered ldap
1750520/udp open|filtered route
17512049/udp open|filtered nfs
1752#######################################################################################################################################
1753Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-10 22:50 EDT
1754Nmap scan report for 79.170.50.171
1755Host is up.
1756
1757PORT STATE SERVICE VERSION
175867/udp open|filtered dhcps
1759|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
1760Too many fingerprints match this host to give specific OS details
1761
1762TRACEROUTE (using proto 1/icmp)
1763HOP RTT ADDRESS
17641 208.01 ms 10.242.200.1
17652 208.38 ms 185.242.4.145
17663 208.17 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
17674 210.45 ms 61.120.144.233
17685 209.04 ms ae-10.r00.tokyjp08.jp.bb.gin.ntt.net (129.250.5.50)
17696 211.28 ms ae-18.r31.tokyjp05.jp.bb.gin.ntt.net (129.250.6.128)
17707 209.28 ms ae-3.r03.tokyjp05.jp.bb.gin.ntt.net (129.250.3.56)
17718 ...
17729 430.13 ms ae-1-3114.edge5.London1.Level3.net (4.69.148.218)
177310 438.74 ms unknown.Level3.net (212.187.138.206)
177411 510.52 ms 151.248.96.76
177512 510.32 ms 151.248.96.76
177613 508.35 ms 151.248.98.130
177714 512.31 ms 10.169.0.10
177815 514.32 ms 10.240.3.241
177916 ... 30
1780#######################################################################################################################################
1781Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-10 22:52 EDT
1782Nmap scan report for 79.170.50.171
1783Host is up.
1784
1785PORT STATE SERVICE VERSION
178668/udp open|filtered dhcpc
1787Too many fingerprints match this host to give specific OS details
1788
1789TRACEROUTE (using proto 1/icmp)
1790HOP RTT ADDRESS
17911 203.37 ms 10.242.200.1
17922 203.40 ms 185.242.4.145
17933 203.40 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
17944 197.72 ms 61.120.144.233
17955 197.43 ms ae-10.r00.tokyjp08.jp.bb.gin.ntt.net (129.250.5.50)
17966 197.95 ms ae-18.r31.tokyjp05.jp.bb.gin.ntt.net (129.250.6.128)
17977 197.95 ms ae-3.r03.tokyjp05.jp.bb.gin.ntt.net (129.250.3.56)
17988 ...
17999 429.32 ms ae-1-3114.edge5.London1.Level3.net (4.69.148.218)
180010 437.93 ms unknown.Level3.net (212.187.138.206)
180111 520.21 ms 151.248.96.76
180212 519.82 ms 151.248.96.76
180313 517.98 ms 151.248.98.130
180414 521.76 ms 10.169.0.10
180515 513.89 ms 10.240.3.241
180616 ... 30
1807#######################################################################################################################################
1808Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-10 22:54 EDT
1809Nmap scan report for 79.170.50.171
1810Host is up.
1811
1812PORT STATE SERVICE VERSION
181369/udp open|filtered tftp
1814Too many fingerprints match this host to give specific OS details
1815
1816TRACEROUTE (using proto 1/icmp)
1817HOP RTT ADDRESS
18181 196.72 ms 10.242.200.1
18192 197.75 ms 185.242.4.145
18203 198.90 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
18214 198.60 ms 61.120.144.233
18225 197.79 ms ae-10.r00.tokyjp08.jp.bb.gin.ntt.net (129.250.5.50)
18236 198.63 ms ae-18.r31.tokyjp05.jp.bb.gin.ntt.net (129.250.6.128)
18247 198.59 ms ae-3.r03.tokyjp05.jp.bb.gin.ntt.net (129.250.3.56)
18258 ...
18269 429.04 ms ae-1-3114.edge5.London1.Level3.net (4.69.148.218)
182710 438.29 ms unknown.Level3.net (212.187.138.206)
182811 510.07 ms 151.248.96.76
182912 509.99 ms 151.248.96.76
183013 507.42 ms 151.248.98.130
183114 511.51 ms 10.169.0.10
183215 513.40 ms 10.240.3.241
183316 ... 30
1834#######################################################################################################################################
1835Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-10 22:56 EDT
1836Nmap scan report for 79.170.50.171
1837Host is up.
1838
1839PORT STATE SERVICE VERSION
184080/tcp filtered http
1841Too many fingerprints match this host to give specific OS details
1842
1843TRACEROUTE (using proto 1/icmp)
1844HOP RTT ADDRESS
18451 201.43 ms 10.242.200.1
18462 201.78 ms 185.242.4.145
18473 196.30 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
18484 197.05 ms 61.120.144.233
18495 196.88 ms ae-10.r00.tokyjp08.jp.bb.gin.ntt.net (129.250.5.50)
18506 197.70 ms ae-18.r31.tokyjp05.jp.bb.gin.ntt.net (129.250.6.128)
18517 197.30 ms ae-3.r03.tokyjp05.jp.bb.gin.ntt.net (129.250.3.56)
18528 ...
18539 429.33 ms ae-1-3114.edge5.London1.Level3.net (4.69.148.218)
185410 437.55 ms unknown.Level3.net (212.187.138.206)
185511 508.73 ms 151.248.96.76
185612 508.65 ms 151.248.96.76
185713 506.52 ms 151.248.98.130
185814 510.03 ms 10.169.0.10
185915 518.07 ms 10.240.3.241
186016 ... 30
1861#######################################################################################################################################
1862http://79.170.50.171 [200 OK] Apache, Country[SAUDI ARABIA][SA], HTTPServer[Apache], IP[79.170.50.171], Meta-Refresh-Redirect[autoforms/portal/site/personal], Script[javascript], UncommonHeaders[x-content-type-options,node,x-request-received,x-request-processing-time], X-Frame-Options[sameorigin], X-XSS-Protection[1; mode=block]
1863http://79.170.50.171/autoforms/portal/site/personal [200 OK] Apache, Cookies[JSESSIONID], Country[SAUDI ARABIA][SA], HTML5, HTTPServer[Apache], HttpOnly[JSESSIONID], IP[79.170.50.171], Script[application/ld+json,text/javascript], Title[باقات زين المفوترة ومُسبقة الدفع | زين السعودية - زين المملكة العربية السعودية], UncommonHeaders[x-content-type-options,node,x-request-received,x-request-processing-time], X-Frame-Options[sameorigin], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]
1864#######################################################################################################################################
1865HTTP/1.1 200 OK
1866Date: Sun, 11 Aug 2019 03:14:06 GMT
1867Server: Apache
1868Last-Modified: Sun, 04 Aug 2019 02:42:40 GMT
1869Accept-Ranges: bytes
1870Content-Length: 452
1871Vary: Accept-Encoding
1872X-Content-Type-Options: nosniff
1873X-Frame-Options: sameorigin
1874X-XSS-Protection: 1; mode=block
1875Node: wfp02
1876X-Request-Received: t=1565493246254718
1877X-Request-Processing-Time: D=396
1878Content-Type: text/html
1879
1880HTTP/1.1 200 OK
1881Date: Sun, 11 Aug 2019 03:14:07 GMT
1882Server: Apache
1883Last-Modified: Sun, 04 Aug 2019 02:42:40 GMT
1884Accept-Ranges: bytes
1885Content-Length: 452
1886Vary: Accept-Encoding
1887X-Content-Type-Options: nosniff
1888X-Frame-Options: sameorigin
1889X-XSS-Protection: 1; mode=block
1890Node: wfp02
1891X-Request-Received: t=1565493247291428
1892X-Request-Processing-Time: D=404
1893Content-Type: text/html
1894#######################################################################################################################################
1895Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-10 23:14 EDT
1896Nmap scan report for 79.170.50.171
1897Host is up.
1898
1899PORT STATE SERVICE VERSION
1900123/udp open|filtered ntp
1901Too many fingerprints match this host to give specific OS details
1902
1903TRACEROUTE (using proto 1/icmp)
1904HOP RTT ADDRESS
19051 197.00 ms 10.242.200.1
19062 197.26 ms 185.242.4.145
19073 200.98 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
19084 197.09 ms 61.120.144.233
19095 197.85 ms ae-10.r00.tokyjp08.jp.bb.gin.ntt.net (129.250.5.50)
19106 198.26 ms ae-18.r31.tokyjp05.jp.bb.gin.ntt.net (129.250.6.128)
19117 198.00 ms ae-3.r03.tokyjp05.jp.bb.gin.ntt.net (129.250.3.56)
19128 ...
19139 429.36 ms ae-1-3114.edge5.London1.Level3.net (4.69.148.218)
191410 438.02 ms unknown.Level3.net (212.187.138.206)
191511 509.12 ms 151.248.96.76
191612 508.87 ms 151.248.96.76
191713 506.87 ms 151.248.98.130
191814 510.82 ms 10.169.0.10
191915 513.04 ms 10.240.3.241
192016 ... 30
1921#######################################################################################################################################
1922Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-10 23:16 EDT
1923Nmap scan report for 79.170.50.171
1924Host is up.
1925
1926PORT STATE SERVICE VERSION
1927443/tcp filtered https
1928Too many fingerprints match this host to give specific OS details
1929
1930TRACEROUTE (using proto 1/icmp)
1931HOP RTT ADDRESS
19321 198.30 ms 10.242.200.1
19332 198.34 ms 185.242.4.145
19343 200.73 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
19354 198.36 ms 61.120.144.233
19365 198.38 ms ae-10.r00.tokyjp08.jp.bb.gin.ntt.net (129.250.5.50)
19376 199.93 ms ae-18.r31.tokyjp05.jp.bb.gin.ntt.net (129.250.6.128)
19387 198.74 ms ae-3.r03.tokyjp05.jp.bb.gin.ntt.net (129.250.3.56)
19398 ...
19409 430.48 ms ae-1-3114.edge5.London1.Level3.net (4.69.148.218)
194110 438.09 ms unknown.Level3.net (212.187.138.206)
194211 510.12 ms 151.248.96.76
194312 509.69 ms 151.248.96.76
194413 507.88 ms 151.248.98.130
194514 511.65 ms 10.169.0.10
194615 513.91 ms 10.240.3.241
194716 ... 30
1948######################################################################################################################################
1949https://79.170.50.171 [200 OK] Apache, Country[SAUDI ARABIA][SA], HTTPServer[Apache], IP[79.170.50.171], Meta-Refresh-Redirect[autoforms/portal/site/personal], Script[javascript], Strict-Transport-Security[max-age=86400], UncommonHeaders[x-content-type-options,node,x-request-received,x-request-processing-time], X-Frame-Options[sameorigin], X-XSS-Protection[1; mode=block]
1950https://79.170.50.171/autoforms/portal/site/personal [200 OK] Apache, Cookies[JSESSIONID], Country[SAUDI ARABIA][SA], HTML5, HTTPServer[Apache], HttpOnly[JSESSIONID], IP[79.170.50.171], Script[application/ld+json,text/javascript], Strict-Transport-Security[max-age=86400], Title[باقات زين المفوترة ومُسبقة الدفع | زين السعودية - زين المملكة العربية السعودية], UncommonHeaders[x-content-type-options,node,x-request-received,x-request-processing-time], X-Frame-Options[sameorigin], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]
1951#######################################################################################################################################
1952Version: 1.11.13-static
1953OpenSSL 1.0.2-chacha (1.0.2g-dev)
1954
1955Connected to 79.170.50.171
1956
1957Testing SSL server 79.170.50.171 on port 443 using SNI name 79.170.50.171
1958
1959 TLS Fallback SCSV:
1960Server supports TLS Fallback SCSV
1961
1962 TLS renegotiation:
1963Session renegotiation not supported
1964
1965 TLS Compression:
1966Compression disabled
1967
1968 Heartbleed:
1969TLS 1.2 not vulnerable to heartbleed
1970TLS 1.1 not vulnerable to heartbleed
1971TLS 1.0 not vulnerable to heartbleed
1972
1973 Supported Server Cipher(s):
1974Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
1975Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
1976Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1977Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
1978Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
1979Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
1980Accepted TLSv1.2 256 bits AES256-GCM-SHA384
1981Accepted TLSv1.2 256 bits AES256-SHA256
1982Accepted TLSv1.2 256 bits AES256-SHA
1983Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
1984Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
1985Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1986Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
1987Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
1988Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
1989Accepted TLSv1.2 128 bits AES128-GCM-SHA256
1990Accepted TLSv1.2 128 bits AES128-SHA256
1991Accepted TLSv1.2 128 bits AES128-SHA
1992
1993 SSL Certificate:
1994Signature Algorithm: sha256WithRSAEncryption
1995RSA Key Strength: 2048
1996
1997Subject: *.sa.zain.com
1998Altnames: DNS:*.sa.zain.com, DNS:sa.zain.com, DNS:www.sa.zain.com, DNS:shop.sa.zain.com, DNS:www.shop.sa.zain.com, DNS:websso.sa.zain.com, DNS:www.websso.sa.zain.com, DNS:pay.sa.zain.com, DNS:www.pay.sa.zain.com, DNS:corporate.sa.zain.com, DNS:www.corporate.sa.zain.com
1999Issuer: DigiCert SHA2 Secure Server CA
2000
2001Not valid before: Nov 17 00:00:00 2016 GMT
2002Not valid after: Feb 3 12:00:00 2020 GMT
2003#######################################################################################################################################
2004--------------------------------------------------------
2005<<<Yasuo discovered following vulnerable applications>>>
2006--------------------------------------------------------
2007+----------------------+----------------------------------+------------------------------------------+----------+----------+
2008| App Name | URL to Application | Potential Exploit | Username | Password |
2009+----------------------+----------------------------------+------------------------------------------+----------+----------+
2010| JBoss Status Servlet | https://79.170.50.171:443/status | ./auxiliary/scanner/http/jboss_status.rb | | |
2011+----------------------+----------------------------------+------------------------------------------+----------+----------+
2012#######################################################################################################################################
2013Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-10 23:25 EDT
2014NSE: Loaded 45 scripts for scanning.
2015NSE: Script Pre-scanning.
2016NSE: Starting runlevel 1 (of 2) scan.
2017Initiating NSE at 23:25
2018Completed NSE at 23:25, 0.00s elapsed
2019NSE: Starting runlevel 2 (of 2) scan.
2020Initiating NSE at 23:25
2021Completed NSE at 23:25, 0.00s elapsed
2022Initiating Ping Scan at 23:25
2023Scanning 79.170.50.171 [4 ports]
2024Completed Ping Scan at 23:25, 0.56s elapsed (1 total hosts)
2025Initiating Parallel DNS resolution of 1 host. at 23:25
2026Completed Parallel DNS resolution of 1 host. at 23:25, 0.02s elapsed
2027Initiating Connect Scan at 23:25
2028Scanning 79.170.50.171 [65535 ports]
2029Discovered open port 80/tcp on 79.170.50.171
2030Discovered open port 443/tcp on 79.170.50.171
2031Connect Scan Timing: About 3.04% done; ETC: 23:42 (0:16:28 remaining)
2032Connect Scan Timing: About 16.21% done; ETC: 23:31 (0:05:15 remaining)
2033Connect Scan Timing: About 35.67% done; ETC: 23:29 (0:02:44 remaining)
2034Connect Scan Timing: About 53.29% done; ETC: 23:29 (0:01:46 remaining)
2035Connect Scan Timing: About 70.57% done; ETC: 23:28 (0:01:03 remaining)
2036Connect Scan Timing: About 80.94% done; ETC: 23:29 (0:00:43 remaining)
2037Completed Connect Scan at 23:29, 232.69s elapsed (65535 total ports)
2038Initiating Service scan at 23:29
2039Scanning 2 services on 79.170.50.171
2040Completed Service scan at 23:29, 15.18s elapsed (2 services on 1 host)
2041Initiating OS detection (try #1) against 79.170.50.171
2042Retrying OS detection (try #2) against 79.170.50.171
2043Initiating Traceroute at 23:29
2044Completed Traceroute at 23:29, 6.74s elapsed
2045Initiating Parallel DNS resolution of 13 hosts. at 23:29
2046Completed Parallel DNS resolution of 13 hosts. at 23:29, 0.44s elapsed
2047NSE: Script scanning 79.170.50.171.
2048NSE: Starting runlevel 1 (of 2) scan.
2049Initiating NSE at 23:29
2050Completed NSE at 23:29, 8.02s elapsed
2051NSE: Starting runlevel 2 (of 2) scan.
2052Initiating NSE at 23:29
2053Completed NSE at 23:29, 0.00s elapsed
2054Nmap scan report for 79.170.50.171
2055Host is up, received syn-ack ttl 229 (0.19s latency).
2056Scanned at 2019-08-10 23:25:23 EDT for 274s
2057Not shown: 65530 filtered ports
2058Reason: 65530 no-responses
2059PORT STATE SERVICE REASON VERSION
206025/tcp closed smtp conn-refused
206180/tcp open http syn-ack Apache httpd
2062|_http-server-header: Apache
2063| vulscan: VulDB - https://vuldb.com:
2203| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
2204| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
2205| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
2206| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
2207| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
2208| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
2209| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
2210| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
2211| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
2212| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
2213| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
2214| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
2215| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
2216| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
2217| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
2218| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
2219| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
2220| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
2221| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
2222| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
2223| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
2224| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
2225| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
2226| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
2227| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
2228| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
2229| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
2230| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
2231| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
2232| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
2233| [123197] Apache Sentry up to 2.0.0 privilege escalation
2234| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
2235| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
2236| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
2237| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
2238| [122800] Apache Spark 1.3.0 REST API weak authentication
2239| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
2240| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
2241| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
2242| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
2243| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
2244| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
2245| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
2246| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
2247| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
2248| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
2249| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
2250| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
2251| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
2252| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
2253| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
2254| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
2255| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
2256| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
2257| [121354] Apache CouchDB HTTP API Code Execution
2258| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
2259| [121143] Apache storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
2260| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
2261| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
2262| [120168] Apache CXF weak authentication
2263| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
2264| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
2265| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
2266| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
2267| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
2268| [119306] Apache MXNet Network Interface privilege escalation
2269| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
2270| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
2271| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
2272| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
2273| [118143] Apache NiFi activemq-client Library Deserialization denial of service
2274| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
2275| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
2276| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
2277| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
2278| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
2279| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
2280| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
2281| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
2282| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
2283| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
2284| [117115] Apache Tika up to 1.17 tika-server command injection
2285| [116929] Apache Fineract getReportType Parameter privilege escalation
2286| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
2287| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
2288| [116926] Apache Fineract REST Hand Parameter privilege escalation
2289| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
2290| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
2291| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
2292| [115883] Apache Hive up to 2.3.2 privilege escalation
2293| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
2294| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
2295| [115518] Apache Ignite 2.3 Deserialization privilege escalation
2296| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
2297| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
2298| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
2299| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
2300| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
2301| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
2302| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
2303| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
2304| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
2305| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
2306| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
2307| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
2308| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
2309| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
2310| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
2311| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
2312| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
2313| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
2314| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
2315| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
2316| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
2317| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
2318| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
2319| [113895] Apache Geode up to 1.3.x Code Execution
2320| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
2321| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
2322| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
2323| [113747] Apache Tomcat Servlets privilege escalation
2324| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
2325| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
2326| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
2327| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
2328| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
2329| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
2330| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
2331| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
2332| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
2333| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
2334| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
2335| [112885] Apache Allura up to 1.8.0 File information disclosure
2336| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
2337| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
2338| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
2339| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
2340| [112625] Apache POI up to 3.16 Loop denial of service
2341| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
2342| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
2343| [112339] Apache NiFi 1.5.0 Header privilege escalation
2344| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
2345| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
2346| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
2347| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
2348| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
2349| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
2350| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
2351| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
2352| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
2353| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
2354| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
2355| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
2356| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
2357| [112114] Oracle 9.1 Apache Log4j privilege escalation
2358| [112113] Oracle 9.1 Apache Log4j privilege escalation
2359| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
2360| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
2361| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
2362| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
2363| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
2364| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
2365| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
2366| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
2367| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
2368| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
2369| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
2370| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
2371| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
2372| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
2373| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
2374| [110701] Apache Fineract Query Parameter sql injection
2375| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
2376| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
2377| [110393] Apple macOS up to 10.13.2 apache information disclosure
2378| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
2379| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
2380| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
2381| [110106] Apache CXF Fediz Spring cross site request forgery
2382| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
2383| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
2384| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
2385| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
2386| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
2387| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
2388| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
2389| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
2390| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
2391| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
2392| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
2393| [108938] Apple macOS up to 10.13.1 apache denial of service
2394| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
2395| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
2396| [108935] Apple macOS up to 10.13.1 apache denial of service
2397| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
2398| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
2399| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
2400| [108931] Apple macOS up to 10.13.1 apache denial of service
2401| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
2402| [108929] Apple macOS up to 10.13.1 apache denial of service
2403| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
2404| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
2405| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
2406| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
2407| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
2408| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
2409| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
2410| [108790] Apache storm 0.9.0.1 Log Viewer directory traversal
2411| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
2412| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
2413| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
2414| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
2415| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
2416| [108782] Apache Xerces2 XML Service denial of service
2417| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
2418| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
2419| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
2420| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
2421| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
2422| [108629] Apache OFBiz up to 10.04.01 privilege escalation
2423| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
2424| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
2425| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
2426| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
2427| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
2428| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
2429| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
2430| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
2431| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
2432| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
2433| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
2434| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
2435| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
2436| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
2437| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
2438| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
2439| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
2440| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
2441| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
2442| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
2443| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
2444| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
2445| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
2446| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
2447| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
2448| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
2449| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
2450| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
2451| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
2452| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
2453| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
2454| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
2455| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
2456| [107639] Apache NiFi 1.4.0 XML External Entity
2457| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
2458| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
2459| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
2460| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
2461| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
2462| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
2463| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
2464| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
2465| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
2466| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
2467| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
2468| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
2469| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
2470| [107197] Apache Xerces Jelly Parser XML File XML External Entity
2471| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
2472| [107084] Apache Struts up to 2.3.19 cross site scripting
2473| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
2474| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
2475| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
2476| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
2477| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
2478| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
2479| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
2480| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
2481| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
2482| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
2483| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
2484| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
2485| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
2486| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
2487| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
2488| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
2489| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
2490| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
2491| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
2492| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
2493| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
2494| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
2495| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
2496| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
2497| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
2498| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
2499| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
2500| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
2501| [105878] Apache Struts up to 2.3.24.0 privilege escalation
2502| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
2503| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
2504| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
2505| [105643] Apache Pony Mail up to 0.8b weak authentication
2506| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
2507| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
2508| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
2509| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
2510| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
2511| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
2512| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
2513| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
2514| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
2515| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
2516| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
2517| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
2518| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
2519| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
2520| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
2521| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
2522| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
2523| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
2524| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
2525| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
2526| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
2527| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
2528| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
2529| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
2530| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
2531| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
2532| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
2533| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
2534| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
2535| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
2536| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
2537| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
2538| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
2539| [103690] Apache OpenMeetings 1.0.0 sql injection
2540| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
2541| [103688] Apache OpenMeetings 1.0.0 weak encryption
2542| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
2543| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
2544| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
2545| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
2546| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
2547| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
2548| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
2549| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
2550| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
2551| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
2552| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
2553| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
2554| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
2555| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
2556| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
2557| [103352] Apache Solr Node weak authentication
2558| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
2559| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
2560| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
2561| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
2562| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
2563| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
2564| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
2565| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
2566| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
2567| [102536] Apache Ranger up to 0.6 Stored cross site scripting
2568| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
2569| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
2570| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
2571| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
2572| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
2573| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
2574| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
2575| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
2576| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
2577| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
2578| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
2579| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
2580| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
2581| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
2582| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
2583| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
2584| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
2585| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
2586| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
2587| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
2588| [99937] Apache Batik up to 1.8 privilege escalation
2589| [99936] Apache FOP up to 2.1 privilege escalation
2590| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
2591| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
2592| [99930] Apache Traffic Server up to 6.2.0 denial of service
2593| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
2594| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
2595| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
2596| [117569] Apache Hadoop up to 2.7.3 privilege escalation
2597| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
2598| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
2599| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
2600| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
2601| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
2602| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
2603| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
2604| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
2605| [99014] Apache Camel Jackson/JacksonXML privilege escalation
2606| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
2607| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
2608| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
2609| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
2610| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
2611| [98605] Apple macOS up to 10.12.3 Apache denial of service
2612| [98604] Apple macOS up to 10.12.3 Apache denial of service
2613| [98603] Apple macOS up to 10.12.3 Apache denial of service
2614| [98602] Apple macOS up to 10.12.3 Apache denial of service
2615| [98601] Apple macOS up to 10.12.3 Apache denial of service
2616| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
2617| [98405] Apache Hadoop up to 0.23.10 privilege escalation
2618| [98199] Apache Camel Validation XML External Entity
2619| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
2620| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
2621| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
2622| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
2623| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
2624| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
2625| [97081] Apache Tomcat HTTPS Request denial of service
2626| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
2627| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
2628| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
2629| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
2630| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
2631| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
2632| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
2633| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
2634| [95311] Apache storm UI Daemon privilege escalation
2635| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
2636| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
2637| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
2638| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
2639| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
2640| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
2641| [94540] Apache Tika 1.9 tika-server File information disclosure
2642| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
2643| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
2644| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
2645| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
2646| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
2647| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
2648| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2649| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2650| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
2651| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
2652| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
2653| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
2654| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
2655| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
2656| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2657| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2658| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
2659| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
2660| [93532] Apache Commons Collections Library Java privilege escalation
2661| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
2662| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
2663| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
2664| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
2665| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
2666| [93098] Apache Commons FileUpload privilege escalation
2667| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
2668| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
2669| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
2670| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
2671| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
2672| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
2673| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
2674| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
2675| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
2676| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
2677| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
2678| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
2679| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
2680| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
2681| [92549] Apache Tomcat on Red Hat privilege escalation
2682| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
2683| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
2684| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
2685| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
2686| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
2687| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
2688| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
2689| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
2690| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
2691| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
2692| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
2693| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
2694| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
2695| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
2696| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
2697| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
2698| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
2699| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
2700| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
2701| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
2702| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
2703| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
2704| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
2705| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
2706| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
2707| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
2708| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
2709| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
2710| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
2711| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
2712| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
2713| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
2714| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
2715| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
2716| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
2717| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
2718| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
2719| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
2720| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
2721| [90263] Apache Archiva Header denial of service
2722| [90262] Apache Archiva Deserialize privilege escalation
2723| [90261] Apache Archiva XML DTD Connection privilege escalation
2724| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
2725| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
2726| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
2727| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
2728| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2729| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2730| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
2731| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
2732| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
2733| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
2734| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
2735| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
2736| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
2737| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
2738| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
2739| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
2740| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
2741| [87765] Apache James Server 2.3.2 Command privilege escalation
2742| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
2743| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
2744| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
2745| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
2746| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
2747| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
2748| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
2749| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
2750| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
2751| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2752| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2753| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
2754| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
2755| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
2756| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2757| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2758| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
2759| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
2760| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
2761| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
2762| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
2763| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
2764| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
2765| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
2766| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
2767| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
2768| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
2769| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
2770| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
2771| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
2772| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
2773| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
2774| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
2775| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
2776| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
2777| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
2778| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
2779| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
2780| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
2781| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
2782| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
2783| [82076] Apache Ranger up to 0.5.1 privilege escalation
2784| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
2785| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
2786| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
2787| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
2788| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
2789| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
2790| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
2791| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
2792| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
2793| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
2794| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
2795| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
2796| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
2797| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
2798| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
2799| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
2800| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
2801| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
2802| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
2803| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
2804| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
2805| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
2806| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
2807| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
2808| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
2809| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
2810| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
2811| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
2812| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
2813| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
2814| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
2815| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
2816| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
2817| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
2818| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
2819| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
2820| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
2821| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
2822| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
2823| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
2824| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
2825| [79791] Cisco Products Apache Commons Collections Library privilege escalation
2826| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
2827| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
2828| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
2829| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
2830| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
2831| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
2832| [78989] Apache Ambari up to 2.1.1 Open Redirect
2833| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
2834| [78987] Apache Ambari up to 2.0.x cross site scripting
2835| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
2836| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
2837| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
2838| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2839| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2840| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2841| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2842| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2843| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
2844| [77406] Apache Flex BlazeDS AMF Message XML External Entity
2845| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
2846| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
2847| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
2848| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
2849| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
2850| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
2851| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
2852| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
2853| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
2854| [76567] Apache Struts 2.3.20 unknown vulnerability
2855| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
2856| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
2857| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
2858| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
2859| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
2860| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
2861| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
2862| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
2863| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
2864| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
2865| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
2866| [74793] Apache Tomcat File Upload denial of service
2867| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
2868| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
2869| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
2870| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
2871| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
2872| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
2873| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
2874| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
2875| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
2876| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
2877| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
2878| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
2879| [74468] Apache Batik up to 1.6 denial of service
2880| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
2881| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
2882| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
2883| [74174] Apache WSS4J up to 2.0.0 privilege escalation
2884| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
2885| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
2886| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
2887| [73731] Apache XML Security unknown vulnerability
2888| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
2889| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
2890| [73593] Apache Traffic Server up to 5.1.0 denial of service
2891| [73511] Apache POI up to 3.10 Deadlock denial of service
2892| [73510] Apache Solr up to 4.3.0 cross site scripting
2893| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
2894| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
2895| [73173] Apache CloudStack Stack-Based unknown vulnerability
2896| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
2897| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
2898| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
2899| [72890] Apache Qpid 0.30 unknown vulnerability
2900| [72887] Apache Hive 0.13.0 File Permission privilege escalation
2901| [72878] Apache Cordova 3.5.0 cross site request forgery
2902| [72877] Apache Cordova 3.5.0 cross site request forgery
2903| [72876] Apache Cordova 3.5.0 cross site request forgery
2904| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
2905| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
2906| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
2907| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
2908| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
2909| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
2910| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
2911| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
2912| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
2913| [71629] Apache Axis2/C spoofing
2914| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
2915| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
2916| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
2917| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
2918| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
2919| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
2920| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
2921| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
2922| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
2923| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
2924| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
2925| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
2926| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
2927| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
2928| [70809] Apache POI up to 3.11 Crash denial of service
2929| [70808] Apache POI up to 3.10 unknown vulnerability
2930| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
2931| [70749] Apache Axis up to 1.4 getCN spoofing
2932| [70701] Apache Traffic Server up to 3.3.5 denial of service
2933| [70700] Apache OFBiz up to 12.04.03 cross site scripting
2934| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
2935| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
2936| [70661] Apache Subversion up to 1.6.17 denial of service
2937| [70660] Apache Subversion up to 1.6.17 spoofing
2938| [70659] Apache Subversion up to 1.6.17 spoofing
2939| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
2940| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
2941| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
2942| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
2943| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
2944| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
2945| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
2946| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
2947| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
2948| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
2949| [69846] Apache HBase up to 0.94.8 information disclosure
2950| [69783] Apache CouchDB up to 1.2.0 memory corruption
2951| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
2952| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
2953| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
2954| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
2955| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
2956| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
2957| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
2958| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
2959| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
2960| [69431] Apache Archiva up to 1.3.6 cross site scripting
2961| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
2962| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
2963| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
2964| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
2965| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
2966| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
2967| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
2968| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
2969| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
2970| [66739] Apache Camel up to 2.12.2 unknown vulnerability
2971| [66738] Apache Camel up to 2.12.2 unknown vulnerability
2972| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
2973| [66695] Apache CouchDB up to 1.2.0 cross site scripting
2974| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
2975| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
2976| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
2977| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
2978| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
2979| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
2980| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
2981| [66356] Apache Wicket up to 6.8.0 information disclosure
2982| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
2983| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
2984| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
2985| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
2986| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
2987| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
2988| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
2989| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
2990| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
2991| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
2992| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
2993| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
2994| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
2995| [65668] Apache Solr 4.0.0 Updater denial of service
2996| [65665] Apache Solr up to 4.3.0 denial of service
2997| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
2998| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
2999| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
3000| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
3001| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
3002| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
3003| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
3004| [65410] Apache Struts 2.3.15.3 cross site scripting
3005| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
3006| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
3007| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
3008| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
3009| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
3010| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
3011| [65340] Apache Shindig 2.5.0 information disclosure
3012| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
3013| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
3014| [10826] Apache Struts 2 File privilege escalation
3015| [65204] Apache Camel up to 2.10.1 unknown vulnerability
3016| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
3017| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
3018| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
3019| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
3020| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
3021| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
3022| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
3023| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
3024| [64722] Apache XML Security for C++ Heap-based memory corruption
3025| [64719] Apache XML Security for C++ Heap-based memory corruption
3026| [64718] Apache XML Security for C++ verify denial of service
3027| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
3028| [64716] Apache XML Security for C++ spoofing
3029| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
3030| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
3031| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
3032| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
3033| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
3034| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
3035| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
3036| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
3037| [64485] Apache Struts up to 2.2.3.0 privilege escalation
3038| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
3039| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
3040| [64467] Apache Geronimo 3.0 memory corruption
3041| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
3042| [64457] Apache Struts up to 2.2.3.0 cross site scripting
3043| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
3044| [9184] Apache Qpid up to 0.20 SSL misconfiguration
3045| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
3046| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
3047| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
3048| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
3049| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
3050| [8873] Apache Struts 2.3.14 privilege escalation
3051| [8872] Apache Struts 2.3.14 privilege escalation
3052| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
3053| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
3054| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
3055| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
3056| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
3057| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
3058| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
3059| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
3060| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
3061| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
3062| [64006] Apache ActiveMQ up to 5.7.0 denial of service
3063| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
3064| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
3065| [8427] Apache Tomcat Session Transaction weak authentication
3066| [63960] Apache Maven 3.0.4 Default Configuration spoofing
3067| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
3068| [63750] Apache qpid up to 0.20 checkAvailable denial of service
3069| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
3070| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
3071| [63747] Apache Rave up to 0.20 User Account information disclosure
3072| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
3073| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
3074| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
3075| [7687] Apache CXF up to 2.7.2 Token weak authentication
3076| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
3077| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
3078| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
3079| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
3080| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
3081| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
3082| [63090] Apache Tomcat up to 4.1.24 denial of service
3083| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
3084| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
3085| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
3086| [62833] Apache CXF -/2.6.0 spoofing
3087| [62832] Apache Axis2 up to 1.6.2 spoofing
3088| [62831] Apache Axis up to 1.4 Java Message Service spoofing
3089| [62830] Apache Commons-httpclient 3.0 Payments spoofing
3090| [62826] Apache Libcloud up to 0.11.0 spoofing
3091| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
3092| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
3093| [62661] Apache Axis2 unknown vulnerability
3094| [62658] Apache Axis2 unknown vulnerability
3095| [62467] Apache Qpid up to 0.17 denial of service
3096| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
3097| [6301] Apache HTTP Server mod_pagespeed cross site scripting
3098| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
3099| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
3100| [62035] Apache Struts up to 2.3.4 denial of service
3101| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
3102| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
3103| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
3104| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
3105| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
3106| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
3107| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
3108| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
3109| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
3110| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
3111| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
3112| [61229] Apache Sling up to 2.1.1 denial of service
3113| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
3114| [61094] Apache Roller up to 5.0 cross site scripting
3115| [61093] Apache Roller up to 5.0 cross site request forgery
3116| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
3117| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
3118| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
3119| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
3120| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
3121| [60708] Apache Qpid 0.12 unknown vulnerability
3122| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
3123| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
3124| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
3125| [4882] Apache Wicket up to 1.5.4 directory traversal
3126| [4881] Apache Wicket up to 1.4.19 cross site scripting
3127| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
3128| [60352] Apache Struts up to 2.2.3 memory corruption
3129| [60153] Apache Portable Runtime up to 1.4.3 denial of service
3130| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
3131| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
3132| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
3133| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
3134| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
3135| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
3136| [4571] Apache Struts up to 2.3.1.2 privilege escalation
3137| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
3138| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
3139| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
3140| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
3141| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
3142| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
3143| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
3144| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
3145| [59888] Apache Tomcat up to 6.0.6 denial of service
3146| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
3147| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
3148| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
3149| [59850] Apache Geronimo up to 2.2.1 denial of service
3150| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
3151| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
3152| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
3153| [58413] Apache Tomcat up to 6.0.10 spoofing
3154| [58381] Apache Wicket up to 1.4.17 cross site scripting
3155| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
3156| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
3157| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
3158| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
3159| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
3160| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
3161| [57568] Apache Archiva up to 1.3.4 cross site scripting
3162| [57567] Apache Archiva up to 1.3.4 cross site request forgery
3163| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
3164| [4355] Apache HTTP Server APR apr_fnmatch denial of service
3165| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
3166| [57425] Apache Struts up to 2.2.1.1 cross site scripting
3167| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
3168| [57025] Apache Tomcat up to 7.0.11 information disclosure
3169| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
3170| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
3171| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
3172| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
3173| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
3174| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
3175| [56512] Apache Continuum up to 1.4.0 cross site scripting
3176| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
3177| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
3178| [4283] Apache Tomcat 5.x ServletContect privilege escalation
3179| [56441] Apache Tomcat up to 7.0.6 denial of service
3180| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
3181| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
3182| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
3183| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
3184| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
3185| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
3186| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
3187| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
3188| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
3189| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
3190| [54693] Apache Traffic Server DNS Cache unknown vulnerability
3191| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
3192| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
3193| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
3194| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
3195| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
3196| [54012] Apache Tomcat up to 6.0.10 denial of service
3197| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
3198| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
3199| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
3200| [52894] Apache Tomcat up to 6.0.7 information disclosure
3201| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
3202| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
3203| [52786] Apache Open For Business Project up to 09.04 cross site scripting
3204| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
3205| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
3206| [52584] Apache CouchDB up to 0.10.1 information disclosure
3207| [51757] Apache HTTP Server 2.0.44 cross site scripting
3208| [51756] Apache HTTP Server 2.0.44 spoofing
3209| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
3210| [51690] Apache Tomcat up to 6.0 directory traversal
3211| [51689] Apache Tomcat up to 6.0 information disclosure
3212| [51688] Apache Tomcat up to 6.0 directory traversal
3213| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
3214| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
3215| [50626] Apache Solr 1.0.0 cross site scripting
3216| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
3217| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
3218| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
3219| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
3220| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
3221| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
3222| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
3223| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
3224| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
3225| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
3226| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
3227| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
3228| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
3229| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
3230| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
3231| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
3232| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
3233| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
3234| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
3235| [47214] Apachefriends xampp 1.6.8 spoofing
3236| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
3237| [47162] Apachefriends XAMPP 1.4.4 weak authentication
3238| [47065] Apache Tomcat 4.1.23 cross site scripting
3239| [46834] Apache Tomcat up to 5.5.20 cross site scripting
3240| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
3241| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
3242| [86625] Apache Struts directory traversal
3243| [44461] Apache Tomcat up to 5.5.0 information disclosure
3244| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
3245| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
3246| [43663] Apache Tomcat up to 6.0.16 directory traversal
3247| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
3248| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
3249| [43516] Apache Tomcat up to 4.1.20 directory traversal
3250| [43509] Apache Tomcat up to 6.0.13 cross site scripting
3251| [42637] Apache Tomcat up to 6.0.16 cross site scripting
3252| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
3253| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
3254| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
3255| [40924] Apache Tomcat up to 6.0.15 information disclosure
3256| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
3257| [40922] Apache Tomcat up to 6.0 information disclosure
3258| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
3259| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
3260| [40656] Apache Tomcat 5.5.20 information disclosure
3261| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
3262| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
3263| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
3264| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
3265| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
3266| [40234] Apache Tomcat up to 6.0.15 directory traversal
3267| [40221] Apache HTTP Server 2.2.6 information disclosure
3268| [40027] David Castro Apache Authcas 0.4 sql injection
3269| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
3270| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
3271| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
3272| [39489] Apache Jakarta Slide up to 2.1 directory traversal
3273| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
3274| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
3275| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
3276| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
3277| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
3278| [38524] Apache Geronimo 2.0 unknown vulnerability
3279| [3256] Apache Tomcat up to 6.0.13 cross site scripting
3280| [38331] Apache Tomcat 4.1.24 information disclosure
3281| [38330] Apache Tomcat 4.1.24 information disclosure
3282| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
3283| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
3284| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
3285| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
3286| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
3287| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
3288| [37292] Apache Tomcat up to 5.5.1 cross site scripting
3289| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
3290| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
3291| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
3292| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
3293| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
3294| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
3295| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
3296| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
3297| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
3298| [36225] XAMPP Apache Distribution 1.6.0a sql injection
3299| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
3300| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
3301| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
3302| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
3303| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
3304| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
3305| [34252] Apache HTTP Server denial of service
3306| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
3307| [33877] Apache Opentaps 0.9.3 cross site scripting
3308| [33876] Apache Open For Business Project unknown vulnerability
3309| [33875] Apache Open For Business Project cross site scripting
3310| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
3311| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
3312| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
3313| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
3314| [31663] vbPortal Apache HTTP Server index.php directory traversal
3315| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
3316| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
3317| [30623] Apache James 2.2.0 SMTP Server denial of service
3318| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
3319|
3320| MITRE CVE - https://cve.mitre.org:
3321| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
3322| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
3323| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
3324| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
3325| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
3326| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
3327| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
3328| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
3329| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
3330| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
3331| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
3332| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
3333| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
3334| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
3335| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
3336| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
3337| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
3338| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
3339| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
3340| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
3341| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
3342| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
3343| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
3344| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
3345| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
3346| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
3347| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
3348| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
3349| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
3350| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
3351| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3352| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
3353| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
3354| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
3355| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
3356| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
3357| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
3358| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
3359| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
3360| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
3361| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
3362| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3363| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3364| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3365| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3366| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
3367| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
3368| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
3369| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
3370| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
3371| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
3372| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
3373| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
3374| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
3375| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
3376| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
3377| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
3378| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
3379| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
3380| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
3381| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
3382| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
3383| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
3384| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
3385| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3386| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
3387| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
3388| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
3389| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
3390| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
3391| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
3392| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
3393| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
3394| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
3395| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
3396| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
3397| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
3398| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
3399| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
3400| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
3401| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
3402| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
3403| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
3404| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
3405| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
3406| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
3407| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
3408| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
3409| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
3410| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
3411| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
3412| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
3413| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
3414| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
3415| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
3416| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
3417| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
3418| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
3419| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
3420| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
3421| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
3422| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
3423| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
3424| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
3425| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
3426| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
3427| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
3532| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
3533| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
3534| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
3535| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
3536| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
3537| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
3538| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
3539| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
3540| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
3541| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3542| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
3543| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
3544| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
3545| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
3546| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
3547| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
3548| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
3549| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
3550| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
3551| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
3552| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
3553| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
3554| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
3555| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
3556| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
3557| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
3558| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
3559| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
3560| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
3561| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
3562| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
3563| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
3564| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
3565| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
3566| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
3567| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
3568| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
3569| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
3570| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
3571| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
3572| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
3573| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
3574| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
3575| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
3576| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
3577| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
3578| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
3579| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
3580| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
3581| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
3582| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
3583| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
3584| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
3585| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
3586| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
3587| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
3588| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
3589| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
3590| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
3591| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
3592| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
3593| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
3594| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
3595| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
3596| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
3597| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
3598| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
3599| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
3600| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
3601| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
3602| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
3603| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
3604| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
3605| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
3606| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
3607| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
3608| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
3609| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
3610| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
3611| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
3612| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
3613| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
3614| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3615| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3616| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
3617| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
3618| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
3619| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
3620| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
3621| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
3622| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
3623| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
3624| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
3625| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
3626| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3627| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3628| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
3629| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
3630| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
3631| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3632| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
3633| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
3634| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
3635| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
3636| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
3637| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
3638| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
3639| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
3640| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3641| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
3642| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
3643| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
3644| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
3645| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
3646| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
3647| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
3648| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
3649| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
3650| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
3651| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
3652| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
3653| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
3654| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
3655| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
3656| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
3657| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
3658| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
3659| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
3660| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
3661| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
3662| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
3663| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
3664| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
3665| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
3666| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
3667| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
3668| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3669| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3670| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
3671| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
3672| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
3673| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3674| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
3675| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
3676| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
3677| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
3678| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
3679| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
3680| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
3681| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
3682| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
3683| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
3684| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
3685| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
3686| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
3687| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3688| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3689| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
3690| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
3691| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
3692| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
3693| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
3694| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
3695| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
3696| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3697| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
3698| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3699| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
3700| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
3701| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
3702| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3703| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
3704| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3705| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
3706| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
3707| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3708| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
3709| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
3710| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
3711| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
3712| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
3713| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
3714| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
3715| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
3716| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3717| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
3718| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
3719| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
3720| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3721| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3722| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3723| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3724| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3725| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3726| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3727| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3728| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3729| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
3730| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
3731| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
3732| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
3733| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
3734| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
3735| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
3736| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
3737| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
3738| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3739| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3740| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
3741| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
3742| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
3743| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
3744| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
3745| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
3746| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
3747| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
3748| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
3749| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
3750| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
3751| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
3752| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
3753| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
3754| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
3755| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
3756| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
3757| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
3758| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
3759| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
3760| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
3761| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
3762| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
3763| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3764| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3765| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3766| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
3767| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
3768| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
3769| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
3770| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
3771| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
3772| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
3773| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
3774| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
3775| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
3776| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
3777| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3778| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
3779| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
3780| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3781| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3782| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3783| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3784| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
3785| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
3786| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
3787| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
3788| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
3789| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
3790| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
3791| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
3792| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
3793| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
3794| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
3795| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
3796| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
3797| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
3798| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
3799| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
3800| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
3801| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
3802| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
3803| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
3804| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
3805| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
3806| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
3807| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
3808| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3809| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3810| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
3811| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
3812| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
3813| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
3814| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
3815| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
3816| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
3817| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
3818| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
3819| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
3820| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
3821| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
3822| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
3823| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
3824| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
3825| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
3826| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
3827| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
3828| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
3829| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
3830| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
3831| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
3832| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
3833| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
3834| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
3835| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
3836| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
3837| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
3838| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
3839| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
3840| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
3841| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
3842| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
3843| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
3844| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
3845| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
3846| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
3847| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
3848| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
3849| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
3850| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
3851| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
3852| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
3853| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
3854| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
3855| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3856| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
3857| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
3858| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
3859| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
3860| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
3861| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
3862| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
3863| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
3864| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3865| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
3866| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
3867| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
3868| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
3869| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
3870| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
3871| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
3872| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3873| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3874| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3875| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3876| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3877| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3878| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3879| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3880| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3881| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3882| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3883| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3884| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3885| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3886| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3887| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3888| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3889| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3890| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3891| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3892| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3893| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3894| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3895| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3896| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3897| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3898| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3899| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
3900| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3901| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3902| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3903| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3904| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3905| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
3906| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3907| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3908| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3909| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3910| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3911| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
3912| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3913| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3914| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3915| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3916| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3917| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3918| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3919| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3920| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3921| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3922| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3923| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3924| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3925| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3926| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3927| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3928| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3929| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3930|
3931| SecurityFocus - https://www.securityfocus.com/bid/:
3932| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3933| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3934| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3935| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3936| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3937| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3938| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3939| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3940| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3941| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3942| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3943| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3944| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3945| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3946| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3947| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3948| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3949| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3950| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3951| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3952| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
4394| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
4395| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
4396| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
4397| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
4398| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
4399| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
4400| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
4401| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
4402| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
4403| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
4404| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
4405| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
4406| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
4407| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
4408| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
4409| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
4410| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
4411| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
4412| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
4413| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
4414| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
4415| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
4416| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
4417| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
4418| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
4419| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
4420| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
4421| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
4422| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
4423| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
4424| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
4425| [64780] Apache CloudStack Unauthorized Access Vulnerability
4426| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
4427| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
4428| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
4429| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
4430| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
4431| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
4432| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
4433| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
4434| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
4435| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
4436| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
4437| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
4438| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
4439| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
4440| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
4441| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
4442| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
4443| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
4444| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
4445| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
4446| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
4772| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
4773| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
4774| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
4775| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
4776| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
4777| [11471] Apache mod_include Local Buffer Overflow Vulnerability
4778| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
4779| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
4780| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
4781| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
4782| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
4783| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
4784| [11094] Apache mod_ssl Denial Of Service Vulnerability
4785| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
4786| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
4787| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
4788| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
4789| [10478] ClueCentral Apache Suexec Patch Security Weakness
4790| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
4791| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
4792| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
4793| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
4794| [9921] Apache Connection Blocking Denial Of Service Vulnerability
4795| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
4796| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
4797| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
4798| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
4799| [9733] Apache Cygwin Directory Traversal Vulnerability
4800| [9599] Apache mod_php Global Variables Information Disclosure Weakness
4801| [9590] Apache-SSL Client Certificate Forging Vulnerability
4802| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
4803| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
4804| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
4805| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
4806| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
4807| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
4808| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
4809| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
4810| [8898] Red Hat Apache Directory Index Default Configuration Error
4811| [8883] Apache Cocoon Directory Traversal Vulnerability
4812| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
4813| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
4814| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
4815| [8707] Apache htpasswd Password Entropy Weakness
4816| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
4817| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
4818| [8226] Apache HTTP Server Multiple Vulnerabilities
4819| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4820| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
5253| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
5254| [39472] Apache HTTP Server mod_status cross-site scripting
5255| [39201] Apache Tomcat JULI logging weak security
5256| [39158] Apache HTTP Server Windows SMB shares information disclosure
5257| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
5258| [38951] Apache::AuthCAS Perl module cookie SQL injection
5259| [38800] Apache HTTP Server 413 error page cross-site scripting
5260| [38211] Apache Geronimo SQLLoginModule authentication bypass
5261| [37243] Apache Tomcat WebDAV directory traversal
5262| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
5263| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
5264| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
5265| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
5266| [36782] Apache Geronimo MEJB unauthorized access
5267| [36586] Apache HTTP Server UTF-7 cross-site scripting
5268| [36468] Apache Geronimo LoginModule security bypass
5269| [36467] Apache Tomcat functions.jsp cross-site scripting
5270| [36402] Apache Tomcat calendar cross-site request forgery
5271| [36354] Apache HTTP Server mod_proxy module denial of service
5272| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
5273| [36336] Apache Derby lock table privilege escalation
5274| [36335] Apache Derby schema privilege escalation
5275| [36006] Apache Tomcat "
5276| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
5277| [35999] Apache Tomcat \"
5278| [35795] Apache Tomcat CookieExample cross-site scripting
5279| [35536] Apache Tomcat SendMailServlet example cross-site scripting
5280| [35384] Apache HTTP Server mod_cache module denial of service
5281| [35097] Apache HTTP Server mod_status module cross-site scripting
5282| [35095] Apache HTTP Server Prefork MPM module denial of service
5283| [34984] Apache HTTP Server recall_headers information disclosure
5284| [34966] Apache HTTP Server MPM content spoofing
5285| [34965] Apache HTTP Server MPM information disclosure
5286| [34963] Apache HTTP Server MPM multiple denial of service
5287| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
5288| [34869] Apache Tomcat JSP example Web application cross-site scripting
5289| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
5290| [34496] Apache Tomcat JK Connector security bypass
5291| [34377] Apache Tomcat hello.jsp cross-site scripting
5292| [34212] Apache Tomcat SSL configuration security bypass
5293| [34210] Apache Tomcat Accept-Language cross-site scripting
5294| [34209] Apache Tomcat calendar application cross-site scripting
5295| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
5296| [34167] Apache Axis WSDL file path disclosure
5297| [34068] Apache Tomcat AJP connector information disclosure
5298| [33584] Apache HTTP Server suEXEC privilege escalation
5299| [32988] Apache Tomcat proxy module directory traversal
5300| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
5301| [32708] Debian Apache tty privilege escalation
5302| [32441] ApacheStats extract() PHP call unspecified
5303| [32128] Apache Tomcat default account
5304| [31680] Apache Tomcat RequestParamExample cross-site scripting
5305| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
5306| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
5307| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
5308| [30456] Apache mod_auth_kerb off-by-one buffer overflow
5309| [29550] Apache mod_tcl set_var() format string
5310| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
5311| [28357] Apache HTTP Server mod_alias script source information disclosure
5312| [28063] Apache mod_rewrite off-by-one buffer overflow
5313| [27902] Apache Tomcat URL information disclosure
5314| [26786] Apache James SMTP server denial of service
5315| [25680] libapache2 /tmp/svn file upload
5316| [25614] Apache Struts lookupMap cross-site scripting
5317| [25613] Apache Struts ActionForm denial of service
5318| [25612] Apache Struts isCancelled() security bypass
5319| [24965] Apache mod_python FileSession command execution
5320| [24716] Apache James spooler memory leak denial of service
5321| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
5322| [24158] Apache Geronimo jsp-examples cross-site scripting
5323| [24030] Apache auth_ldap module multiple format strings
5324| [24008] Apache mod_ssl custom error message denial of service
5325| [24003] Apache mod_auth_pgsql module multiple syslog format strings
5326| [23612] Apache mod_imap referer field cross-site scripting
5327| [23173] Apache Struts error message cross-site scripting
5328| [22942] Apache Tomcat directory listing denial of service
5329| [22858] Apache Multi-Processing Module code allows denial of service
5330| [22602] RHSA-2005:582 updates for Apache httpd not installed
5331| [22520] Apache mod-auth-shadow "
5332| [22466] ApacheTop symlink
5333| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
5334| [22006] Apache HTTP Server byte-range filter denial of service
5335| [21567] Apache mod_ssl off-by-one buffer overflow
5336| [21195] Apache HTTP Server header HTTP request smuggling
5337| [20383] Apache HTTP Server htdigest buffer overflow
5338| [19681] Apache Tomcat AJP12 request denial of service
5339| [18993] Apache HTTP server check_forensic symlink attack
5340| [18790] Apache Tomcat Manager cross-site scripting
5341| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
5342| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
5343| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
5344| [17961] Apache Web server ServerTokens has not been set
5345| [17930] Apache HTTP Server HTTP GET request denial of service
5346| [17785] Apache mod_include module buffer overflow
5347| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
5348| [17473] Apache HTTP Server Satisfy directive allows access to resources
5349| [17413] Apache htpasswd buffer overflow
5350| [17384] Apache HTTP Server environment variable configuration file buffer overflow
5351| [17382] Apache HTTP Server IPv6 apr_util denial of service
5352| [17366] Apache HTTP Server mod_dav module LOCK denial of service
5353| [17273] Apache HTTP Server speculative mode denial of service
5354| [17200] Apache HTTP Server mod_ssl denial of service
5355| [16890] Apache HTTP Server server-info request has been detected
5356| [16889] Apache HTTP Server server-status request has been detected
5357| [16705] Apache mod_ssl format string attack
5358| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
5359| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
5360| [16230] Apache HTTP Server PHP denial of service
5361| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
5362| [15958] Apache HTTP Server authentication modules memory corruption
5363| [15547] Apache HTTP Server mod_disk_cache local information disclosure
5364| [15540] Apache HTTP Server socket starvation denial of service
5365| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
5366| [15422] Apache HTTP Server mod_access information disclosure
5367| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
5368| [15293] Apache for Cygwin "
5369| [15065] Apache-SSL has a default password
5370| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
5371| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
5372| [14751] Apache Mod_python output filter information disclosure
5373| [14125] Apache HTTP Server mod_userdir module information disclosure
5374| [14075] Apache HTTP Server mod_php file descriptor leak
5375| [13703] Apache HTTP Server account
5376| [13689] Apache HTTP Server configuration allows symlinks
5377| [13688] Apache HTTP Server configuration allows SSI
5378| [13687] Apache HTTP Server Server: header value
5379| [13685] Apache HTTP Server ServerTokens value
5380| [13684] Apache HTTP Server ServerSignature value
5381| [13672] Apache HTTP Server config allows directory autoindexing
5382| [13671] Apache HTTP Server default content
5383| [13670] Apache HTTP Server config file directive references outside content root
5384| [13668] Apache HTTP Server httpd not running in chroot environment
5385| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
5386| [13664] Apache HTTP Server config file contains ScriptAlias entry
5387| [13663] Apache HTTP Server CGI support modules loaded
5388| [13661] Apache HTTP Server config file contains AddHandler entry
5389| [13660] Apache HTTP Server 500 error page not CGI script
5390| [13659] Apache HTTP Server 413 error page not CGI script
5391| [13658] Apache HTTP Server 403 error page not CGI script
5392| [13657] Apache HTTP Server 401 error page not CGI script
5393| [13552] Apache HTTP Server mod_cgid module information disclosure
5394| [13550] Apache GET request directory traversal
5395| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
5396| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
5397| [13429] Apache Tomcat non-HTTP request denial of service
5398| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
5399| [13295] Apache weak password encryption
5400| [13254] Apache Tomcat .jsp cross-site scripting
5401| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
5402| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
5403| [12681] Apache HTTP Server mod_proxy could allow mail relaying
5404| [12662] Apache HTTP Server rotatelogs denial of service
5405| [12554] Apache Tomcat stores password in plain text
5406| [12553] Apache HTTP Server redirects and subrequests denial of service
5407| [12552] Apache HTTP Server FTP proxy server denial of service
5408| [12551] Apache HTTP Server prefork MPM denial of service
5409| [12550] Apache HTTP Server weaker than expected encryption
5410| [12549] Apache HTTP Server type-map file denial of service
5411| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
5412| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
5413| [12091] Apache HTTP Server apr_password_validate denial of service
5414| [12090] Apache HTTP Server apr_psprintf code execution
5415| [11804] Apache HTTP Server mod_access_referer denial of service
5416| [11750] Apache HTTP Server could leak sensitive file descriptors
5417| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
5418| [11703] Apache long slash path allows directory listing
5419| [11695] Apache HTTP Server LF (Line Feed) denial of service
5420| [11694] Apache HTTP Server filestat.c denial of service
5421| [11438] Apache HTTP Server MIME message boundaries information disclosure
5422| [11412] Apache HTTP Server error log terminal escape sequence injection
5423| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
5424| [11195] Apache Tomcat web.xml could be used to read files
5425| [11194] Apache Tomcat URL appended with a null character could list directories
5426| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
5427| [11126] Apache HTTP Server illegal character file disclosure
5428| [11125] Apache HTTP Server DOS device name HTTP POST code execution
5429| [11124] Apache HTTP Server DOS device name denial of service
5430| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
5431| [10938] Apache HTTP Server printenv test CGI cross-site scripting
5432| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
5433| [10575] Apache mod_php module could allow an attacker to take over the httpd process
5434| [10499] Apache HTTP Server WebDAV HTTP POST view source
5435| [10457] Apache HTTP Server mod_ssl "
5436| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
5437| [10414] Apache HTTP Server htdigest multiple buffer overflows
5438| [10413] Apache HTTP Server htdigest temporary file race condition
5439| [10412] Apache HTTP Server htpasswd temporary file race condition
5440| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
5441| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
5442| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
5443| [10280] Apache HTTP Server shared memory scorecard overwrite
5444| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
5445| [10241] Apache HTTP Server Host: header cross-site scripting
5446| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
5447| [10208] Apache HTTP Server mod_dav denial of service
5448| [10206] HP VVOS Apache mod_ssl denial of service
5449| [10200] Apache HTTP Server stderr denial of service
5450| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
5451| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
5452| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
5453| [10098] Slapper worm targets OpenSSL/Apache systems
5454| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
5455| [9875] Apache HTTP Server .var file request could disclose installation path
5456| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
5457| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
5458| [9623] Apache HTTP Server ap_log_rerror() path disclosure
5459| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
5460| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
5461| [9396] Apache Tomcat null character to threads denial of service
5462| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
5463| [9249] Apache HTTP Server chunked encoding heap buffer overflow
5464| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
5465| [8932] Apache Tomcat example class information disclosure
5466| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
5467| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
5468| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
5469| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
5470| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
5471| [8400] Apache HTTP Server mod_frontpage buffer overflows
5472| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
5473| [8308] Apache "
5474| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
5475| [8119] Apache and PHP OPTIONS request reveals "
5476| [8054] Apache is running on the system
5477| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
5478| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
5479| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
5480| [7836] Apache HTTP Server log directory denial of service
5481| [7815] Apache for Windows "
5482| [7810] Apache HTTP request could result in unexpected behavior
5483| [7599] Apache Tomcat reveals installation path
5484| [7494] Apache "
5485| [7419] Apache Web Server could allow remote attackers to overwrite .log files
5486| [7363] Apache Web Server hidden HTTP requests
5487| [7249] Apache mod_proxy denial of service
5488| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
5489| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
5490| [7059] Apache "
5491| [7057] Apache "
5492| [7056] Apache "
5493| [7055] Apache "
5494| [7054] Apache "
5495| [6997] Apache Jakarta Tomcat error message may reveal information
5496| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
5497| [6970] Apache crafted HTTP request could reveal the internal IP address
5498| [6921] Apache long slash path allows directory listing
5499| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
5500| [6527] Apache Web Server for Windows and OS2 denial of service
5501| [6316] Apache Jakarta Tomcat may reveal JSP source code
5502| [6305] Apache Jakarta Tomcat directory traversal
5503| [5926] Linux Apache symbolic link
5504| [5659] Apache Web server discloses files when used with php script
5505| [5310] Apache mod_rewrite allows attacker to view arbitrary files
5506| [5204] Apache WebDAV directory listings
5507| [5197] Apache Web server reveals CGI script source code
5508| [5160] Apache Jakarta Tomcat default installation
5509| [5099] Trustix Secure Linux installs Apache with world writable access
5510| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
5511| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
5512| [4931] Apache source.asp example file allows users to write to files
5513| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
5514| [4205] Apache Jakarta Tomcat delivers file contents
5515| [2084] Apache on Debian by default serves the /usr/doc directory
5516| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5517| [697] Apache HTTP server beck exploit
5518| [331] Apache cookies buffer overflow
5519|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
6140| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
6141| [1008920] Apache mod_digest May Validate Replayed Client Responses
6142| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
6143| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
6144| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
6145| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
6146| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
6147| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
6148| [1008030] Apache mod_rewrite Contains a Buffer Overflow
6149| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
6473| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
6474| [77593] Apache Struts Conversion Error OGNL Expression Injection
6475| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
6476| [77444] Apache HTTP Server mod_proxy Module Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
6477| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
6478| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
6479| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
6480| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
6481| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
6482| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
6483| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
6484| [76079] Apache HTTP Server mod_proxy Module Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
6485| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
6486| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
6487| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
6488| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
6489| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
6490| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
6491| [74725] Apache Wicket Multi Window Support Unspecified XSS
6492| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
6493| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
6494| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
6495| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
6496| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
6497| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
6498| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
6499| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
6500| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
6501| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
6502| [73644] Apache XML Security Signature Key Parsing Overflow DoS
6503| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
6504| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
6505| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
6506| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
6507| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
6508| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
6509| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
6510| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
6511| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
6512| [73154] Apache Archiva Multiple Unspecified CSRF
6513| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
6514| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
6515| [72238] Apache Struts Action / Method Names <
6516| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
6517| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
6518| [71557] Apache Tomcat HTML Manager Multiple XSS
6519| [71075] Apache Archiva User Management Page XSS
6520| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
6521| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
6522| [70924] Apache Continuum Multiple Admin Function CSRF
6523| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
6524| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
6525| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
6526| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
6527| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk Function SVNParentPath Collection Remote DoS
6528| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
6529| [69520] Apache Archiva Administrator Credential Manipulation CSRF
6530| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
6531| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
6532| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
6533| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
6534| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
6535| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
6536| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
6537| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
6538| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
6539| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
6540| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
6541| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
6542| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
6543| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
6544| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
6545| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
6546| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
6547| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
6548| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
6549| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
6550| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
6551| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
6552| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
6553| [65054] Apache ActiveMQ Jetty Error Handler XSS
6554| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
6555| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
6556| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
6557| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
6558| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
6559| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
6560| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
6561| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
6562| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
6563| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
6564| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
6565| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
6566| [63895] Apache HTTP Server mod_headers Unspecified Issue
6567| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
6568| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
6569| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
6570| [63140] Apache Thrift Service Malformed Data Remote DoS
6571| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
6572| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
6573| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
6574| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
6575| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
6576| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
6577| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
6578| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
6579| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
6580| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
6581| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
6582| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
6583| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
6584| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
6585| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
6586| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
6587| [60678] Apache Roller Comment Email Notification Manipulation DoS
6588| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
6589| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class createXmlDocument Method Floppy Drive Access Bypass
6590| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
6591| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
6592| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
6593| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
6594| [60232] PHP on Apache php.exe Direct Request Remote DoS
6595| [60176] Apache Tomcat Windows Installer Admin Default Password
6596| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
6597| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
6598| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
6599| [59944] Apache Hadoop jobhistory.jsp XSS
6600| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
6601| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
6602| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
6603| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
6604| [59019] Apache mod_python Cookie Salting Weakness
6605| [59018] Apache Harmony Error Message Handling Overflow
6606| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
6607| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
6608| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
6609| [59010] Apache Solr get-file.jsp XSS
6610| [59009] Apache Solr action.jsp XSS
6611| [59008] Apache Solr analysis.jsp XSS
6612| [59007] Apache Solr schema.jsp Multiple Parameter XSS
6613| [59006] Apache Beehive select / checkbox Tag XSS
6614| [59005] Apache Beehive jpfScopeID Global Parameter XSS
6615| [59004] Apache Beehive Error Message XSS
6616| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
6617| [59002] Apache Jetspeed default-page.psml URI XSS
6618| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
6619| [59000] Apache CXF Unsigned Message Policy Bypass
6620| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
6621| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
6622| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
6623| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
6624| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
6625| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
6626| [58993] Apache Hadoop browseBlock.jsp XSS
6627| [58991] Apache Hadoop browseDirectory.jsp XSS
6628| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
6629| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
6630| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
6631| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
6632| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
6633| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
6634| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
6635| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
6636| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
6637| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
6638| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
6639| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
6640| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
6641| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
6642| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
6643| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
6644| [58974] Apache Sling /apps Script User Session Management Access Weakness
6645| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
6646| [58931] Apache Geronimo Cookie Parameters Validation Weakness
6647| [58930] Apache Xalan-C++ XPath Handling Remote DoS
6648| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
6649| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
6650| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
6651| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
6652| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
6653| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
6654| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
6655| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
6656| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
6657| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
6658| [58805] Apache Derby Unauthenticated Database / Admin Access
6659| [58804] Apache Wicket Header Contribution Unspecified Issue
6660| [58803] Apache Wicket Session Fixation
6661| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
6662| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
6663| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
6664| [58799] Apache Tapestry Logging Cleartext Password Disclosure
6665| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
6666| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
6667| [58796] Apache Jetspeed Unsalted Password Storage Weakness
6668| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
6669| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
6670| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
6671| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
6672| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
6673| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
6674| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
6675| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
6676| [58775] Apache JSPWiki preview.jsp action Parameter XSS
6677| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6678| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
6679| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
6680| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
6681| [58770] Apache JSPWiki Group.jsp group Parameter XSS
6682| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
6683| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
6684| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
6685| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
6686| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6687| [58763] Apache JSPWiki Include Tag Multiple Script XSS
6688| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
6689| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
6690| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
6691| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
6692| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
6693| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
6694| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
6695| [58755] Apache Harmony DRLVM Non-public Class Member Access
6696| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
6697| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
6698| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
6699| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
6700| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
6701| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
6702| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
6703| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
6704| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
6705| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
6706| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
6707| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
6708| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
6709| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
6710| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
6711| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
6712| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
6713| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
6714| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
6715| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
6716| [58725] Apache Tapestry Basic String ACL Bypass Weakness
6717| [58724] Apache Roller Logout Functionality Failure Session Persistence
6718| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
6719| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
6720| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
6721| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
6722| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
6723| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
6724| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
6725| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
6726| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
6727| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
6728| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
6729| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
6730| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
6731| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
6732| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
6733| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
6734| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
6735| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
6736| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
6737| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
6738| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
6739| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
6740| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
6741| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
6742| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
6743| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
6744| [58687] Apache Axis Invalid wsdl Request XSS
6745| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
6746| [58685] Apache Velocity Template Designer Privileged Code Execution
6747| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
6748| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
6749| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
6750| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
6751| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
6752| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
6753| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
6754| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
6755| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
6756| [58667] Apache Roller Database Cleartext Passwords Disclosure
6757| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
6758| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
6759| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
6760| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
6761| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
6762| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
6763| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
6764| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
6765| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
6766| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
6767| [56984] Apache Xerces2 Java Malformed XML Input DoS
6768| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
6769| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
6770| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
6771| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
6772| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
6773| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
6774| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
6775| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
6776| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
6777| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
6778| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
6779| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
6780| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
6781| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
6782| [55056] Apache Tomcat Cross-application TLD File Manipulation
6783| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
6784| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
6785| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
6786| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
6787| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
6788| [54589] Apache Jserv Nonexistent JSP Request XSS
6789| [54122] Apache Struts s:a / s:url Tag href Element XSS
6790| [54093] Apache ActiveMQ Web Console JMS Message XSS
6791| [53932] Apache Geronimo Multiple Admin Function CSRF
6792| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
6793| [53930] Apache Geronimo /console/portal/ URI XSS
6794| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
6795| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
6796| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
6797| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
6798| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
6799| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
6800| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
6801| [53380] Apache Struts Unspecified XSS
6802| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
6803| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
6804| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
6805| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
6806| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
6807| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
6808| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
6809| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
6810| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
6811| [51151] Apache Roller Search Function q Parameter XSS
6812| [50482] PHP with Apache php_value Order Unspecified Issue
6813| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
6814| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
6815| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
6816| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
6817| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
6818| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
6819| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
6820| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
6821| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
6822| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
6823| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
6824| [47096] Oracle Weblogic Apache Connector POST Request Overflow
6825| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
6826| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
6827| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
6828| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
6829| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
6830| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
6831| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
6832| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
6833| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
6834| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
6835| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
6836| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
6837| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
6838| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
6839| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
6840| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
6841| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
6842| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
6843| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
6844| [43452] Apache Tomcat HTTP Request Smuggling
6845| [43309] Apache Geronimo LoginModule Login Method Bypass
6846| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
6847| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
6848| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
6849| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
6850| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
6851| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
6852| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
6853| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
6854| [42091] Apache Maven Site Plugin Installation Permission Weakness
6855| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
6856| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
6857| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
6858| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
6859| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
6860| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
6861| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
6862| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
6863| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
6864| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
6865| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
6866| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
6867| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
6868| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
6869| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
6870| [40262] Apache HTTP Server mod_status refresh XSS
6871| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
6872| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
6873| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
6874| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
6875| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
6876| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
6877| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
6878| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
6879| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
6880| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
6881| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
6882| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
6883| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
6884| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
6885| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
6886| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
6887| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
6888| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
6889| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
6890| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
6891| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
6892| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
6893| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
6894| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
6895| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
6896| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
6897| [36080] Apache Tomcat JSP Examples Crafted URI XSS
6898| [36079] Apache Tomcat Manager Uploaded Filename XSS
6899| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
6900| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
6901| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
6902| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
6903| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
6904| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
6905| [34881] Apache Tomcat Malformed Accept-Language Header XSS
6906| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
6907| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
6908| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
6909| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
6910| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
6911| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
6912| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
6913| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
6914| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
6915| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
6916| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
6917| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
6918| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
6919| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
6920| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
6921| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
6922| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
6923| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
6924| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
6925| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
6926| [32724] Apache mod_python _filter_read Freed Memory Disclosure
6927| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
6928| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
6929| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
6930| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
6931| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
6932| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
6933| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
6934| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
6935| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
6936| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
6937| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
6938| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
6939| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
6940| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
6941| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
6942| [24365] Apache Struts Multiple Function Error Message XSS
6943| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
6944| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
6945| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
6946| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
6947| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
6948| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
6949| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
6950| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
6951| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
6952| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
6953| [22459] Apache Geronimo Error Page XSS
6954| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
6955| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
6956| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
6957| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
6958| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
6959| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
6960| [21021] Apache Struts Error Message XSS
6961| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
6962| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
6963| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
6964| [20439] Apache Tomcat Directory Listing Saturation DoS
6965| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
6966| [20285] Apache HTTP Server Log File Control Character Injection
6967| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
6968| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
6969| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
6970| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
6971| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
6972| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
6973| [19821] Apache Tomcat Malformed Post Request Information Disclosure
6974| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
6975| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
6976| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
6977| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
6978| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
6979| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
6980| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
6981| [18233] Apache HTTP Server htdigest user Variable Overfow
6982| [17738] Apache HTTP Server HTTP Request Smuggling
6983| [16586] Apache HTTP Server Win32 GET Overflow DoS
6984| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
6985| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
6986| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
6987| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
6988| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
6989| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
6990| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
6991| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
6992| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
6993| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
6994| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
6995| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
6996| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
6997| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
6998| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
6999| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
7000| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
7001| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
7002| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
7003| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
7004| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
7005| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
7006| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
7007| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
7008| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
7009| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
7010| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
7011| [13304] Apache Tomcat realPath.jsp Path Disclosure
7012| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
7013| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
7014| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
7015| [12848] Apache HTTP Server htdigest realm Variable Overflow
7016| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
7017| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
7018| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
7019| [12557] Apache HTTP Server prefork MPM accept Error DoS
7020| [12233] Apache Tomcat MS-DOS Device Name Request DoS
7021| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
7022| [12231] Apache Tomcat web.xml Arbitrary File Access
7023| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
7024| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
7025| [12178] Apache Jakarta Lucene results.jsp XSS
7026| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
7027| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
7028| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
7029| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
7030| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
7031| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
7032| [10471] Apache Xerces-C++ XML Parser DoS
7033| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
7034| [10068] Apache HTTP Server htpasswd Local Overflow
7035| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
7036| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
7037| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
7038| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
7039| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
7040| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
7041| [9717] Apache HTTP Server mod_cookies Cookie Overflow
7042| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
7043| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
7044| [9714] Apache Authentication Module Threaded MPM DoS
7045| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
7046| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
7047| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
7048| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
7049| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
7050| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
7051| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
7052| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
7053| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
7054| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
7055| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
7056| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
7057| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
7058| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
7059| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
7060| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
7061| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
7062| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
7063| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
7064| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
7065| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
7066| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
7067| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
7068| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
7069| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
7070| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
7071| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
7072| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
7073| [9208] Apache Tomcat .jsp Encoded Newline XSS
7074| [9204] Apache Tomcat ROOT Application XSS
7075| [9203] Apache Tomcat examples Application XSS
7076| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
7077| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
7078| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
7079| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
7080| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
7081| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
7082| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
7083| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
7084| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
7085| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
7086| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
7087| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
7088| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
7089| [7611] Apache HTTP Server mod_alias Local Overflow
7090| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
7091| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
7092| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
7093| [6882] Apache mod_python Malformed Query String Variant DoS
7094| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
7095| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
7096| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
7097| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
7098| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
7099| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
7100| [5526] Apache Tomcat Long .JSP URI Path Disclosure
7101| [5278] Apache Tomcat web.xml Restriction Bypass
7102| [5051] Apache Tomcat Null Character DoS
7103| [4973] Apache Tomcat servlet Mapping XSS
7104| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
7105| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
7106| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
7107| [4568] mod_survey For Apache ENV Tags SQL Injection
7108| [4553] Apache HTTP Server ApacheBench Overflow DoS
7109| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
7110| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
7111| [4383] Apache HTTP Server Socket Race Condition DoS
7112| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
7113| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
7114| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
7115| [4231] Apache Cocoon Error Page Server Path Disclosure
7116| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
7117| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
7118| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
7119| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
7120| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
7121| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
7122| [3322] mod_php for Apache HTTP Server Process Hijack
7123| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
7124| [2885] Apache mod_python Malformed Query String DoS
7125| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
7126| [2733] Apache HTTP Server mod_rewrite Local Overflow
7127| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
7128| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
7129| [2149] Apache::Gallery Privilege Escalation
7130| [2107] Apache HTTP Server mod_ssl Host: Header XSS
7131| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
7132| [1833] Apache HTTP Server Multiple Slash GET Request DoS
7133| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
7134| [872] Apache Tomcat Multiple Default Accounts
7135| [862] Apache HTTP Server SSI Error Page XSS
7136| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
7137| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
7138| [845] Apache Tomcat MSDOS Device XSS
7139| [844] Apache Tomcat Java Servlet Error Page XSS
7140| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
7141| [838] Apache HTTP Server Chunked Encoding Remote Overflow
7142| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
7143| [775] Apache mod_python Module Importing Privilege Function Execution
7144| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
7145| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
7146| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
7147| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
7148| [637] Apache HTTP Server UserDir Directive Username Enumeration
7149| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
7150| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
7151| [562] Apache HTTP Server mod_info /server-info Information Disclosure
7152| [561] Apache Web Servers mod_status /server-status Information Disclosure
7153| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
7154| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
7155| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
7156| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
7157| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
7158| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
7159| [376] Apache Tomcat contextAdmin Arbitrary File Access
7160| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
7161| [222] Apache HTTP Server test-cgi Arbitrary File Access
7162| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
7163| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
7164|_
139/tcp closed netbios-ssn conn-refused
443/tcp open ssl/http syn-ack Apache httpd
7167|_http-server-header: Apache
7168| vulscan: VulDB - https://vuldb.com:
7169| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
7170| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
7171| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
7172| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
7173| [134416] Apache Sanselan 0.97-incubator Loop denial of service
7174| [134415] Apache Sanselan 0.97-incubator Hang denial of service
7175| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
7176| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
7177| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7178| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7179| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
7180| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
7181| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
7182| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
7183| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
7184| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
7185| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
7186| [133750] Oracle Agile Recipe Management for Pharmaceuticals 9.3.3/9.3.4 Apache Commons FileUpload unknown vulnerability
7187| [133728] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
7188| [133644] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
7189| [133643] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache HTTP Server denial of service
7190| [133640] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Commons FileUpload unknown vulnerability
7191| [133638] Oracle Healthcare Master Person Index 3.0/4.0 Apache Commons FileUpload unknown vulnerability
7192| [133614] Oracle Data Integrator 12.2.1.3.0 Apache Batik unknown vulnerability
7193| [133594] Oracle WebCenter Portal 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
7194| [133591] Oracle JDeveloper 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0 Apache Log4j unknown vulnerability
7195| [133590] Oracle Identity Analytics 11.1.1.5.8 Apache Commons FileUpload unknown vulnerability
7196| [133588] Oracle Endeca Information Discovery Integrator 3.2.0 Apache Commons FileUpload unknown vulnerability
7197| [133587] Oracle Data Integrator 11.1.1.9.0 Apache Groovy unknown vulnerability
7198| [133585] Oracle API Gateway 11.1.2.4.0 Apache Commons FileUpload unknown vulnerability
7199| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
7200| [133571] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache Commons FileUpload unknown vulnerability
7201| [133522] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache Tomcat unknown vulnerability
7202| [133520] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache HTTP Server denial of service
7203| [133518] Oracle Primavera Unifier up to 18.8 Apache Commons FileUpload unknown vulnerability
7204| [133508] Oracle Communications Instant Messaging Server 10.0.1 Apache Tomcat unknown vulnerability
7205| [133501] Oracle Communications Policy Management 12.1/12.2/12.3/12.4 Apache Struts 1 unknown vulnerability
7206| [133500] Oracle Communications Application Session Controller 3.7.1/3.8.0 Apache Tomcat unknown vulnerability
7207| [133493] Oracle Communications Pricing Design Center 11.1/12.0 Apache Log4j unknown vulnerability
7208| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
7209| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
7210| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
7211| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
7212| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
7213| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
7214| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
7215| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
7216| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
7217| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
7218| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
7219| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
7220| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
7221| [131859] Apache Hadoop up to 2.9.1 privilege escalation
7222| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
7223| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
7224| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
7225| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
7226| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
7227| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
7228| [130629] Apache Guacamole Cookie Flag weak encryption
7229| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
7230| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
7231| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
7232| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
7233| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
7234| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
7235| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
7236| [130123] Apache Airflow up to 1.8.2 information disclosure
7237| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
7238| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
7239| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
7240| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
7241| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
7242| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
7243| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
7244| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
7245| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
7246| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
7247| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
7248| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
7249| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
7250| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
7251| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
7252| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
7253| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
7254| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
7255| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
7256| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
7257| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
7258| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
7259| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
7260| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
7261| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
7262| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
7263| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
7264| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
7265| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
7266| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
7267| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
7268| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
7269| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
7270| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
7271| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
7272| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
7273| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
7274| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
7275| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
7276| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
7277| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
7278| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
7279| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
7280| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
7281| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
7282| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
7283| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
7284| [127007] Apache Spark Request Code Execution
7285| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
7286| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
7287| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
7288| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
7289| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
7290| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
7291| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
7292| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
7293| [126346] Apache Tomcat Path privilege escalation
7294| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
7295| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
7296| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
7297| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
7298| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
7299| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
7300| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
7301| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
7302| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
7303| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
7304| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
7305| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
7306| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
7307| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
7308| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
7309| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
7310| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
7311| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
7312| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
7313| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
7314| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
7315| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
7316| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
7317| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
7318| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
7319| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
7320| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
7321| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
7322| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
7323| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
7324| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
7325| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
7326| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
7327| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
7328| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
7329| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
7330| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
7331| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
7332| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
7333| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
7334| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
7335| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
7336| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
7337| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
7338| [123197] Apache Sentry up to 2.0.0 privilege escalation
7339| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
7340| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
7341| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
7342| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
7343| [122800] Apache Spark 1.3.0 REST API weak authentication
7344| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
7345| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
7346| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
7347| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
7348| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
7349| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
7350| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
7351| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
7352| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
7353| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
7354| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
7355| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
7356| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
7357| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
7358| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
7359| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
7360| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
7361| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
7362| [121354] Apache CouchDB HTTP API Code Execution
7363| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
7364| [121143] Apache storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
7365| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
7366| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
7367| [120168] Apache CXF weak authentication
7368| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
7369| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
7370| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
7371| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
7372| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
7373| [119306] Apache MXNet Network Interface privilege escalation
7374| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
7375| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
7376| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
7377| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
7378| [118143] Apache NiFi activemq-client Library Deserialization denial of service
7379| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
7380| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
7381| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
7382| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
7383| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
7384| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
7385| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
7386| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
7387| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
7388| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
7389| [117115] Apache Tika up to 1.17 tika-server command injection
7390| [116929] Apache Fineract getReportType Parameter privilege escalation
7391| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
7392| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
7393| [116926] Apache Fineract REST Hand Parameter privilege escalation
7394| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
7395| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
7396| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
7397| [115883] Apache Hive up to 2.3.2 privilege escalation
7398| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
7399| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
7400| [115518] Apache Ignite 2.3 Deserialization privilege escalation
7401| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
7402| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
7403| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
7404| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
7405| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
7406| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
7407| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
7408| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
7409| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
7410| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
7411| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
7412| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
7413| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
7414| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
7415| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
7416| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
7417| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
7418| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
7419| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
7420| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
7421| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
7422| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
7423| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
7424| [113895] Apache Geode up to 1.3.x Code Execution
7425| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
7426| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
7427| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
7428| [113747] Apache Tomcat Servlets privilege escalation
7429| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
7430| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
7431| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
7432| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
7433| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
7434| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7435| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
7436| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7437| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
7438| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
7439| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
7440| [112885] Apache Allura up to 1.8.0 File information disclosure
7441| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
7442| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
7443| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
7444| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
7445| [112625] Apache POI up to 3.16 Loop denial of service
7446| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
7447| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
7448| [112339] Apache NiFi 1.5.0 Header privilege escalation
7449| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
7450| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
7451| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
7452| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
7453| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
7454| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
7455| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
7456| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
7457| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
7458| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
7459| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
7460| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
7461| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
7462| [112114] Oracle 9.1 Apache Log4j privilege escalation
7463| [112113] Oracle 9.1 Apache Log4j privilege escalation
7464| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
7465| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
7466| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
7467| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
7468| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
7469| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
7470| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
7471| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
7472| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
7473| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
7474| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
7475| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
7476| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
7477| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
7478| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
7479| [110701] Apache Fineract Query Parameter sql injection
7480| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
7481| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
7482| [110393] Apple macOS up to 10.13.2 apache information disclosure
7483| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
7484| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
7485| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
7486| [110106] Apache CXF Fediz Spring cross site request forgery
7487| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
7488| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
7489| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
7490| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
7491| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
7492| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
7493| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
7494| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
7495| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
7496| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
7497| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
7498| [108938] Apple macOS up to 10.13.1 apache denial of service
7499| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
7500| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
7501| [108935] Apple macOS up to 10.13.1 apache denial of service
7502| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
7503| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
7504| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
7505| [108931] Apple macOS up to 10.13.1 apache denial of service
7506| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
7507| [108929] Apple macOS up to 10.13.1 apache denial of service
7508| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
7509| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
7510| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
7511| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
7512| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
7513| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
7514| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
7515| [108790] Apache storm 0.9.0.1 Log Viewer directory traversal
7516| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
7517| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
7518| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
7519| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
7520| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
7521| [108782] Apache Xerces2 XML Service denial of service
7522| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
7523| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
7524| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
7525| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
7526| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
7527| [108629] Apache OFBiz up to 10.04.01 privilege escalation
7528| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
7529| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
7530| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
7531| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
7532| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
7533| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
7534| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
7535| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
7536| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
7537| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
7538| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
7539| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
7540| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
7541| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
7542| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
7543| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
7544| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
7545| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
7546| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
7547| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
7548| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
7549| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
7550| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
7551| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
7552| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
7553| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
7554| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
7555| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
7556| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
7557| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
7558| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
7559| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
7560| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
7561| [107639] Apache NiFi 1.4.0 XML External Entity
7562| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
7983| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
7984| [74468] Apache Batik up to 1.6 denial of service
7985| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
7986| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
7987| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
7988| [74174] Apache WSS4J up to 2.0.0 privilege escalation
7989| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
7990| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
7991| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
7992| [73731] Apache XML Security unknown vulnerability
7993| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
7994| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
7995| [73593] Apache Traffic Server up to 5.1.0 denial of service
7996| [73511] Apache POI up to 3.10 Deadlock denial of service
7997| [73510] Apache Solr up to 4.3.0 cross site scripting
7998| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
7999| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
8000| [73173] Apache CloudStack Stack-Based unknown vulnerability
8001| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
8002| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
8003| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
8004| [72890] Apache Qpid 0.30 unknown vulnerability
8005| [72887] Apache Hive 0.13.0 File Permission privilege escalation
8006| [72878] Apache Cordova 3.5.0 cross site request forgery
8007| [72877] Apache Cordova 3.5.0 cross site request forgery
8008| [72876] Apache Cordova 3.5.0 cross site request forgery
8009| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
8010| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
8011| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
8012| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
8013| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
8014| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
8015| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
8016| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
8017| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
8018| [71629] Apache Axis2/C spoofing
8019| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
8020| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
8021| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
8022| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
8023| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
8024| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
8025| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
8026| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
8027| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
8028| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
8029| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
8030| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
8031| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
8032| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
8033| [70809] Apache POI up to 3.11 Crash denial of service
8034| [70808] Apache POI up to 3.10 unknown vulnerability
8035| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
8036| [70749] Apache Axis up to 1.4 getCN spoofing
8037| [70701] Apache Traffic Server up to 3.3.5 denial of service
8038| [70700] Apache OFBiz up to 12.04.03 cross site scripting
8039| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
8040| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
8041| [70661] Apache Subversion up to 1.6.17 denial of service
8042| [70660] Apache Subversion up to 1.6.17 spoofing
8043| [70659] Apache Subversion up to 1.6.17 spoofing
8044| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
8045| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
8046| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
8047| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
8048| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
8049| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
8050| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
8051| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
8052| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
8053| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
8054| [69846] Apache HBase up to 0.94.8 information disclosure
8055| [69783] Apache CouchDB up to 1.2.0 memory corruption
8056| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
8057| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
8058| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
8059| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
8060| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
8061| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
8062| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
8063| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
8064| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
8065| [69431] Apache Archiva up to 1.3.6 cross site scripting
8066| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
8067| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
8068| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
8069| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
8070| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
8071| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
8072| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
8073| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
8074| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
8075| [66739] Apache Camel up to 2.12.2 unknown vulnerability
8076| [66738] Apache Camel up to 2.12.2 unknown vulnerability
8077| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
8078| [66695] Apache CouchDB up to 1.2.0 cross site scripting
8079| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
8080| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
8081| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
8082| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
8083| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
8084| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
8085| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
8086| [66356] Apache Wicket up to 6.8.0 information disclosure
8087| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
8088| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
8089| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
8090| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
8091| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
8092| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
8093| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
8094| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
8095| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
8096| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
8097| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
8098| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
8099| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
8100| [65668] Apache Solr 4.0.0 Updater denial of service
8101| [65665] Apache Solr up to 4.3.0 denial of service
8102| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
8103| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
8104| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
8105| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
8106| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
8107| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
8108| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
8109| [65410] Apache Struts 2.3.15.3 cross site scripting
8110| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
8111| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
8112| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
8113| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
8114| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
8115| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
8116| [65340] Apache Shindig 2.5.0 information disclosure
8117| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
8118| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
8119| [10826] Apache Struts 2 File privilege escalation
8120| [65204] Apache Camel up to 2.10.1 unknown vulnerability
8121| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
8122| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
8123| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
8124| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
8125| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
8126| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
8127| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
8128| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
8129| [64722] Apache XML Security for C++ Heap-based memory corruption
8130| [64719] Apache XML Security for C++ Heap-based memory corruption
8131| [64718] Apache XML Security for C++ verify denial of service
8132| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
8133| [64716] Apache XML Security for C++ spoofing
8134| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
8135| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
8136| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
8137| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
8138| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
8139| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
8140| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
8141| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
8142| [64485] Apache Struts up to 2.2.3.0 privilege escalation
8143| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
8144| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
8145| [64467] Apache Geronimo 3.0 memory corruption
8146| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
8147| [64457] Apache Struts up to 2.2.3.0 cross site scripting
8148| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
8149| [9184] Apache Qpid up to 0.20 SSL misconfiguration
8150| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
8151| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
8152| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
8153| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
8154| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
8155| [8873] Apache Struts 2.3.14 privilege escalation
8156| [8872] Apache Struts 2.3.14 privilege escalation
8157| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
8158| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
8159| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
8160| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
8161| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
8162| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
8163| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
8164| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
8165| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
8166| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
8167| [64006] Apache ActiveMQ up to 5.7.0 denial of service
8168| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
8169| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
8170| [8427] Apache Tomcat Session Transaction weak authentication
8171| [63960] Apache Maven 3.0.4 Default Configuration spoofing
8172| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
8173| [63750] Apache qpid up to 0.20 checkAvailable denial of service
8174| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
8175| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
8176| [63747] Apache Rave up to 0.20 User Account information disclosure
8177| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
8178| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
8179| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
8180| [7687] Apache CXF up to 2.7.2 Token weak authentication
8181| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
8182| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
8183| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
8184| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
8185| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
8186| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
8187| [63090] Apache Tomcat up to 4.1.24 denial of service
8188| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
8189| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
8190| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
8191| [62833] Apache CXF -/2.6.0 spoofing
8192| [62832] Apache Axis2 up to 1.6.2 spoofing
8193| [62831] Apache Axis up to 1.4 Java Message Service spoofing
8194| [62830] Apache Commons-httpclient 3.0 Payments spoofing
8195| [62826] Apache Libcloud up to 0.11.0 spoofing
8196| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
8197| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
8198| [62661] Apache Axis2 unknown vulnerability
8199| [62658] Apache Axis2 unknown vulnerability
8200| [62467] Apache Qpid up to 0.17 denial of service
8201| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
8202| [6301] Apache HTTP Server mod_pagespeed cross site scripting
8203| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
8204| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
8205| [62035] Apache Struts up to 2.3.4 denial of service
8206| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
8207| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
8208| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
8209| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
8210| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
8211| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
8212| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
8213| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
8214| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
8215| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
8216| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
8217| [61229] Apache Sling up to 2.1.1 denial of service
8218| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
8219| [61094] Apache Roller up to 5.0 cross site scripting
8220| [61093] Apache Roller up to 5.0 cross site request forgery
8221| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
8222| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
8223| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
8224| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
8225| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
8226| [60708] Apache Qpid 0.12 unknown vulnerability
8227| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
8228| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
8229| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
8230| [4882] Apache Wicket up to 1.5.4 directory traversal
8231| [4881] Apache Wicket up to 1.4.19 cross site scripting
8232| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
8233| [60352] Apache Struts up to 2.2.3 memory corruption
8234| [60153] Apache Portable Runtime up to 1.4.3 denial of service
8235| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
8236| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
8237| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
8238| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
8239| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
8240| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
8241| [4571] Apache Struts up to 2.3.1.2 privilege escalation
8242| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
8243| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
8244| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
8245| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
8246| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
8247| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
8248| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
8249| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
8250| [59888] Apache Tomcat up to 6.0.6 denial of service
8251| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
8252| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
8253| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
8254| [59850] Apache Geronimo up to 2.2.1 denial of service
8255| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
8256| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
8257| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
8258| [58413] Apache Tomcat up to 6.0.10 spoofing
8259| [58381] Apache Wicket up to 1.4.17 cross site scripting
8260| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
8261| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
8262| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
8263| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
8264| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
8265| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
8266| [57568] Apache Archiva up to 1.3.4 cross site scripting
8267| [57567] Apache Archiva up to 1.3.4 cross site request forgery
8268| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
8269| [4355] Apache HTTP Server APR apr_fnmatch denial of service
8270| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
8271| [57425] Apache Struts up to 2.2.1.1 cross site scripting
8272| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
8273| [57025] Apache Tomcat up to 7.0.11 information disclosure
8274| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
8275| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
8276| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
8277| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
8278| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
8279| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
8280| [56512] Apache Continuum up to 1.4.0 cross site scripting
8281| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
8282| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
8283| [4283] Apache Tomcat 5.x ServletContect privilege escalation
8284| [56441] Apache Tomcat up to 7.0.6 denial of service
8285| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
8286| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
8287| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
8288| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
8289| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
8290| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
8291| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
8292| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
8293| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
8294| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
8295| [54693] Apache Traffic Server DNS Cache unknown vulnerability
8296| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
8297| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
8298| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
8299| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
8300| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
8301| [54012] Apache Tomcat up to 6.0.10 denial of service
8302| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
8303| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
8304| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
8305| [52894] Apache Tomcat up to 6.0.7 information disclosure
8306| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
8307| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
8308| [52786] Apache Open For Business Project up to 09.04 cross site scripting
8309| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
8310| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
8311| [52584] Apache CouchDB up to 0.10.1 information disclosure
8312| [51757] Apache HTTP Server 2.0.44 cross site scripting
8313| [51756] Apache HTTP Server 2.0.44 spoofing
8314| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
8315| [51690] Apache Tomcat up to 6.0 directory traversal
8316| [51689] Apache Tomcat up to 6.0 information disclosure
8317| [51688] Apache Tomcat up to 6.0 directory traversal
8318| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
8319| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
8320| [50626] Apache Solr 1.0.0 cross site scripting
8321| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
8322| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
8323| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
8324| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
8325| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
8326| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
8327| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
8328| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
8329| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
8330| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
8331| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
8332| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
8333| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
8334| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
8335| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
8336| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
8337| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
8338| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
8339| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
8340| [47214] Apachefriends xampp 1.6.8 spoofing
8341| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
8342| [47162] Apachefriends XAMPP 1.4.4 weak authentication
8343| [47065] Apache Tomcat 4.1.23 cross site scripting
8344| [46834] Apache Tomcat up to 5.5.20 cross site scripting
8345| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
8346| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
8347| [86625] Apache Struts directory traversal
8348| [44461] Apache Tomcat up to 5.5.0 information disclosure
8349| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
8350| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
8351| [43663] Apache Tomcat up to 6.0.16 directory traversal
8352| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
8353| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
8354| [43516] Apache Tomcat up to 4.1.20 directory traversal
8355| [43509] Apache Tomcat up to 6.0.13 cross site scripting
8356| [42637] Apache Tomcat up to 6.0.16 cross site scripting
8357| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
8358| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
8359| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
8360| [40924] Apache Tomcat up to 6.0.15 information disclosure
8361| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
8362| [40922] Apache Tomcat up to 6.0 information disclosure
8363| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
8364| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
8365| [40656] Apache Tomcat 5.5.20 information disclosure
8366| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
8367| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
8368| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
8369| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
8370| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
8371| [40234] Apache Tomcat up to 6.0.15 directory traversal
8372| [40221] Apache HTTP Server 2.2.6 information disclosure
8373| [40027] David Castro Apache Authcas 0.4 sql injection
8374| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
8375| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
8376| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
8377| [39489] Apache Jakarta Slide up to 2.1 directory traversal
8378| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
8379| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
8380| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
8381| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
8382| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
8383| [38524] Apache Geronimo 2.0 unknown vulnerability
8384| [3256] Apache Tomcat up to 6.0.13 cross site scripting
8385| [38331] Apache Tomcat 4.1.24 information disclosure
8386| [38330] Apache Tomcat 4.1.24 information disclosure
8387| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
8388| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
8389| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
8390| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
8391| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
8392| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
8393| [37292] Apache Tomcat up to 5.5.1 cross site scripting
8394| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
8395| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
8396| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
8397| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
8398| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
8399| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
8400| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
8401| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
8402| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
8403| [36225] XAMPP Apache Distribution 1.6.0a sql injection
8404| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
8405| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
8406| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
8407| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
8408| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
8409| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
8410| [34252] Apache HTTP Server denial of service
8411| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
8412| [33877] Apache Opentaps 0.9.3 cross site scripting
8413| [33876] Apache Open For Business Project unknown vulnerability
8414| [33875] Apache Open For Business Project cross site scripting
8415| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
8416| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
8417| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
8418| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
8419| [31663] vbPortal Apache HTTP Server index.php directory traversal
8420| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
8421| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
8422| [30623] Apache James 2.2.0 SMTP Server denial of service
8423| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
8424|
8425| MITRE CVE - https://cve.mitre.org:
8426| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
8427| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
8428| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
8429| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
8430| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
8431| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
8432| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
8433| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
8434| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
8435| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
8436| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
8437| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
8438| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
8439| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
8440| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
8441| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
8442| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
8443| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
8444| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
8445| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
8446| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
8447| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
8448| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
8449| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
8450| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
8451| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
8452| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
8453| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
8454| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
8455| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
8456| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8457| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
8458| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
8459| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
8460| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
8461| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
8462| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
8463| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
8464| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
8465| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
8466| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
8467| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8468| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8469| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8470| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8471| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
8472| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
8473| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
8474| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
8475| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
8476| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
8477| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
8478| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
8479| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
8480| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
8481| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
8482| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
8483| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
8484| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
8485| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
8486| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
8487| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
8488| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
8489| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
8490| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8491| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
8492| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
8493| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
8494| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
8495| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
8496| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
8497| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
8498| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
8499| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
8500| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
8501| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
8502| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
8503| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
8504| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
8505| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
8506| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
8507| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
8508| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
8509| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
8510| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
8511| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
8512| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
8513| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
8514| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
8515| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
8516| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
8517| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
8518| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
8519| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
8520| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
8521| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
8522| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
8523| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
8524| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
8525| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
8526| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
8527| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
8528| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
8529| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
8530| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
8531| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
8532| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
8533| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
8534| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
8535| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
8536| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
8537| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
8538| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
8539| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
8540| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
8541| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
8542| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
8543| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
8544| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
8545| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
8546| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
8547| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
8548| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
8549| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
8550| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
8551| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
8552| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
8553| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
8554| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
8555| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
8556| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
8557| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
8558| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
8559| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
8560| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
8561| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
8562| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
8563| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
8564| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
8565| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
8566| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
8567| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
8568| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
8569| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
8570| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
8571| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
8572| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
8573| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
8574| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
8575| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
8576| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
8577| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
8578| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
8579| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
8580| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
8581| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
8582| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
8583| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
8584| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
8585| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
8586| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
8587| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
8588| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
8589| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8590| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
8591| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
8592| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
8593| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
8594| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
8595| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
8596| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
8597| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
8598| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
8599| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
8600| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
8601| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
8602| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
8603| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
8604| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
8605| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8606| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
8607| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
8608| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
8609| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
8610| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
8611| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
8612| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
8613| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
8614| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
8615| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
8616| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
8617| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
8618| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
8619| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
8620| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
8621| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
8622| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
8623| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
8624| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
8625| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
8626| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
8627| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
8628| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
8629| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
8630| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
8631| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
8632| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
8633| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
8634| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
8635| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
8636| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
8637| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
8638| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
8639| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
8640| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
8641| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
8642| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
8643| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
8644| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
8645| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
8646| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8647| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
8648| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
8649| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
8650| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
8651| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
8652| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
8653| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
8654| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
8655| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
8656| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
8657| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
8658| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
8659| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
8660| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
8661| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
8662| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
8663| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
8664| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
8665| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
8666| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
8667| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
8668| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
8669| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
8670| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
8671| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
8672| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
8673| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
8674| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
8675| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
8676| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
8677| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
8678| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
8679| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
8680| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
8681| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
8682| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
8683| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
8684| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
8685| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
8686| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
8687| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
8688| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
8689| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
8690| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
8691| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
8692| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
8693| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
8694| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
8695| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
8696| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
8697| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
8698| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
8699| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
8700| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
8701| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
8702| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
8703| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
8704| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
8705| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
8706| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
8707| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
8708| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
8709| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
8710| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
8711| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
8712| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
8713| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
8714| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
8715| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
8716| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
8717| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
8718| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
8719| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8720| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8721| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
8722| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
8723| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
8724| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
8725| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
8726| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
8727| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
8728| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
8729| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
8730| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
8731| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8732| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8733| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
8734| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
8735| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
8736| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8737| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
8738| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
8739| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
8740| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
8741| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
8742| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
8743| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
8744| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
8745| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8746| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
8747| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
8748| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
8749| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
8750| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
8751| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
8752| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
8753| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
8754| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
8755| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
8756| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
8757| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
8758| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
8759| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
8760| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
8761| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
8762| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
8763| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
8764| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
8765| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
8766| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
8767| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
8768| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
8769| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
8770| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
8771| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
8772| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
8773| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8774| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8775| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
8776| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
8777| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
8778| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8779| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
8780| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
8781| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
8782| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
8783| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
8784| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
8785| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
8786| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
8787| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
8788| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
8789| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
8790| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
8791| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
8792| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8793| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8794| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
8795| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
8796| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
8797| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
8798| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
8799| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
8800| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
8801| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8802| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
8803| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8804| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
8805| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
8806| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
8807| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8808| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
8809| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8810| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
8811| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
8812| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8813| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
8814| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
8815| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
8816| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
8817| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
8818| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
8819| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
8820| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
8821| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8822| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
8823| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
8824| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
8825| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
8826| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
8827| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
8828| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
8829| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
8830| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
8831| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
8832| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
8833| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
8834| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
8835| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
8836| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
8837| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
8838| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
8839| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
8840| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
8841| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
8842| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
8843| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
8844| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
8845| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
8846| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
8847| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
8848| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
8849| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
8850| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
8851| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
8852| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
8853| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
8854| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
8855| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
8856| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
8857| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
8858| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
8859| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
8860| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
8861| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
8862| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
8863| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
8864| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
8865| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
8866| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
8867| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
8868| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
8869| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
8870| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
8871| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
8872| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
8873| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
8874| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
8875| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
8876| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
8877| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
8878| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
8879| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
8880| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
8881| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
8882| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
8883| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
8884| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
8885| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
8886| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
8887| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
8888| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
8889| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
8890| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
8891| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
8892| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
8893| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
8894| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
8895| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
8896| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
8897| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
8898| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
8899| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
8900| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
8901| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
8902| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
8903| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
8904| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
8905| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
8906| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
8907| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
8908| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
8909| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
8910| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
8911| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
8912| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
8913| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
8914| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
8915| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
8916| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
8917| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
8918| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
8919| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
8920| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
8921| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
8922| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
8923| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
8924| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
8925| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
8926| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
8927| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
8928| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
8929| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
8930| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
8931| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
8932| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
8933| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
8934| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
8935| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
8936| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
8937| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
8938| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
8939| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
8940| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
8941| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
8942| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
8943| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
8944| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
8945| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
8946| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
8947| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
8948| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
8949| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
8950| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
8951| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
8952| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
8953| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
8954| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
8955| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
8956| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
8957| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
8958| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
8959| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
8960| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
8961| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
8962| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
8963| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
8964| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
8965| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
8966| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
8967| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
8968| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
8969| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
8970| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
8971| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
8972| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
8973| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
8974| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
8975| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
8976| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
8977| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
8978| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
8979| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
8980| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
8981| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
8982| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
8983| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
8984| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
8985| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
8986| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
8987| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
8988| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
8989| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
8990| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
8991| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
8992| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
8993| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
8994| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
8995| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
8996| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
8997| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
8998| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
8999| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
9000| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
9001| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
9002| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
9003| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
9004| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
9005| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
9006| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
9007| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
9008| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
9009| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
9010| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
9011| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
9012| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
9013| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
9014| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
9015| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
9016| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
9440| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
9441| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
9442| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
9443| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
9444| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
9445| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
9446| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
9447| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
9448| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
9449| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
9450| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
9451| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
9452| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
9453| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
9454| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
9455| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
9456| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
9457| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
9458| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
9459| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
9460| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
9461| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
9462| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
9463| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
9464| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
9465| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
9466| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
9467| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
9468| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
9469| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
9470| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
9471| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
9472| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
9473| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
9474| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
9475| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
9476| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
9477| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
9478| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
9479| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
9480| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
9481| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
9482| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
9483| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
9484| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
9485| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
9486| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
9487| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
9488| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
9489| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
9490| [68229] Apache Harmony PRNG Entropy Weakness
9491| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
9492| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
9493| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
9494| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
9495| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
9496| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
9497| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
9498| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
9499| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
9500| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
9501| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
9502| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
9503| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
9504| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
9505| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
9506| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
9507| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
9508| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
9509| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
9510| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
9511| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
9512| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
9513| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
9514| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
9515| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
9516| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
9517| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
9518| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
9519| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
9520| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
9521| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
9522| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
9523| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
9524| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
9525| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
9526| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
9527| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
9528| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
9529| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
9530| [64780] Apache CloudStack Unauthorized Access Vulnerability
9531| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
9532| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
9533| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
9534| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
9535| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
9536| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
9537| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
9538| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
9539| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
9540| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
9541| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
9542| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
9543| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
9544| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
9545| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
9546| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
9547| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
9548| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
9549| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
9550| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
9551| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
9552| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
9553| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
9554| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
9555| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
9556| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
9557| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
9558| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
9559| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
9560| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
9561| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
9562| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
9563| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
9564| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
9565| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
9566| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
9567| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
9568| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
9569| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
9570| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
9571| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
9572| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
9573| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
9574| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
9575| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
9576| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
9577| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
9578| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
9579| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
9580| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
9581| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
9582| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
9583| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
9584| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
9585| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
9586| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
9587| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
9588| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
9589| [59670] Apache VCL Multiple Input Validation Vulnerabilities
9590| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
9591| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
9592| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
9593| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
9594| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
9595| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
9596| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
9597| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
9598| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
9599| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
9600| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
9601| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
9602| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
9603| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
9604| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
9605| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
9606| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
9607| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
9608| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
9609| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
9610| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
9611| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
9612| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
9613| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
9614| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
9615| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
9616| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
9617| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
9618| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
9619| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
9620| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
9621| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
9622| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
9623| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
9624| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
9625| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
9626| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
9627| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
9628| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
9629| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
9630| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
9631| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
9632| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
9633| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
9634| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
9635| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
9636| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
9637| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
9638| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
9639| [54798] Apache Libcloud Man In The Middle Vulnerability
9640| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
9641| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
9642| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
9643| [54189] Apache Roller Cross Site Request Forgery Vulnerability
9644| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
9645| [53880] Apache CXF Child Policies Security Bypass Vulnerability
9646| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
9647| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
9648| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
9649| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
9650| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
9651| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
9652| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
9653| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
9654| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
9655| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
9656| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
9657| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
9658| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
9659| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
9660| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
9661| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
9662| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
9663| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
9664| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
9665| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
9666| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
9667| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
9668| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
9669| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
9670| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
9671| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
9672| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
9673| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
9674| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
9675| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
9676| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
9677| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
9678| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
9679| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
9680| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
9681| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
9682| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
9683| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
9684| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
9685| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
9686| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
9687| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
9688| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
9689| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
9690| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
9691| [49290] Apache Wicket Cross Site Scripting Vulnerability
9692| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
9693| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
9694| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
9695| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
9696| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
9697| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
9698| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
9699| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
9700| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
9701| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
9702| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
9703| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
9704| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
9705| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
9706| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
9707| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
9708| [46953] Apache MPM-ITK Module Security Weakness
9709| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
9710| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
9711| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
9712| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
9713| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
9714| [46166] Apache Tomcat JVM Denial of Service Vulnerability
9715| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
9716| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
9717| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
9718| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
9719| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
9720| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
9721| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
9722| [44616] Apache Shiro Directory Traversal Vulnerability
9723| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
9724| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
9725| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
9726| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
9727| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
9728| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
9729| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
9730| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
9731| [42492] Apache CXF XML DTD Processing Security Vulnerability
9732| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
9733| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
9734| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
9735| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
9736| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
9737| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
9738| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
9739| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
9740| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
9741| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
9742| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
9743| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
9744| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
9745| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
9746| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
9747| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
9748| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
9749| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
9750| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
9751| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
9752| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
9753| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
9754| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
9755| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
9756| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
9757| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
9758| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
9759| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
9760| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
9761| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
9762| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
9763| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
9764| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
9765| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
9766| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
10279| [53666] Apache HTTP Server Solaris pollset support denial of service
10280| [53650] Apache HTTP Server HTTP basic-auth module security bypass
10281| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
10282| [53041] mod_proxy_ftp module for Apache denial of service
10283| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
10284| [51953] Apache Tomcat Path Disclosure
10285| [51952] Apache Tomcat Path Traversal
10286| [51951] Apache stronghold-status Information Disclosure
10287| [51950] Apache stronghold-info Information Disclosure
10288| [51949] Apache PHP Source Code Disclosure
10289| [51948] Apache Multiviews Attack
10290| [51946] Apache JServ Environment Status Information Disclosure
10291| [51945] Apache error_log Information Disclosure
10292| [51944] Apache Default Installation Page Pattern Found
10293| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
10294| [51942] Apache AXIS XML External Entity File Retrieval
10295| [51941] Apache AXIS Sample Servlet Information Leak
10296| [51940] Apache access_log Information Disclosure
10297| [51626] Apache mod_deflate denial of service
10298| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
10299| [51365] Apache Tomcat RequestDispatcher security bypass
10300| [51273] Apache HTTP Server Incomplete Request denial of service
10301| [51195] Apache Tomcat XML information disclosure
10302| [50994] Apache APR-util xml/apr_xml.c denial of service
10303| [50993] Apache APR-util apr_brigade_vprintf denial of service
10304| [50964] Apache APR-util apr_strmatch_precompile() denial of service
10305| [50930] Apache Tomcat j_security_check information disclosure
10306| [50928] Apache Tomcat AJP denial of service
10307| [50884] Apache HTTP Server XML ENTITY denial of service
10308| [50808] Apache HTTP Server AllowOverride privilege escalation
10309| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
10310| [50059] Apache mod_proxy_ajp information disclosure
10311| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
10312| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
10313| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
10314| [49921] Apache ActiveMQ Web interface cross-site scripting
10315| [49898] Apache Geronimo Services/Repository directory traversal
10316| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
10726| [15319] Apache 2.2 (Windows) Local Denial of Service
10727| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
10728| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
10729| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
10730| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
10731| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
10732| [12330] Apache OFBiz - Multiple XSS
10733| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
10734| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
10735| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
10736| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
10737| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
10738| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
10739| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
10740| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
10741| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10742| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
10743| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
10744| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
10745| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
10746| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
10747| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
10748| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
10749| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
10750| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
10751| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
10752| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
10753| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
10754| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
10755| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
10756| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
10757| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
10758| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
10759| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
10760| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
10761| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
10762| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
10763| [466] htpasswd Apache 1.3.31 - Local Exploit
10764| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
10765| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
10766| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
10767| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
10768| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
10769| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
10770| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
10771| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
10772| [9] Apache HTTP Server 2.x Memory Leak Exploit
10773|
10774| OpenVAS (Nessus) - http://www.openvas.org:
10775| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
10776| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
10777| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
10778| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
10779| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
10780| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
10781| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
10782| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
10783| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
10784| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
10785| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
10786| [900571] Apache APR-Utils Version Detection
10787| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
10788| [900496] Apache Tiles Multiple XSS Vulnerability
10789| [900493] Apache Tiles Version Detection
10790| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
10791| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
10792| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
10793| [870175] RedHat Update for apache RHSA-2008:0004-01
10794| [864591] Fedora Update for apache-poi FEDORA-2012-10835
10795| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
10796| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
10797| [864250] Fedora Update for apache-poi FEDORA-2012-7683
10798| [864249] Fedora Update for apache-poi FEDORA-2012-7686
10799| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
10800| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
10801| [855821] Solaris Update for Apache 1.3 122912-19
10802| [855812] Solaris Update for Apache 1.3 122911-19
10803| [855737] Solaris Update for Apache 1.3 122911-17
10804| [855731] Solaris Update for Apache 1.3 122912-17
10805| [855695] Solaris Update for Apache 1.3 122911-16
10806| [855645] Solaris Update for Apache 1.3 122912-16
10807| [855587] Solaris Update for kernel update and Apache 108529-29
10808| [855566] Solaris Update for Apache 116973-07
10809| [855531] Solaris Update for Apache 116974-07
10810| [855524] Solaris Update for Apache 2 120544-14
10811| [855494] Solaris Update for Apache 1.3 122911-15
10812| [855478] Solaris Update for Apache Security 114145-11
10813| [855472] Solaris Update for Apache Security 113146-12
10814| [855179] Solaris Update for Apache 1.3 122912-15
10815| [855147] Solaris Update for kernel update and Apache 108528-29
10816| [855077] Solaris Update for Apache 2 120543-14
10817| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
10818| [850088] SuSE Update for apache2 SUSE-SA:2007:061
10819| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
10820| [841209] Ubuntu Update for apache2 USN-1627-1
10821| [840900] Ubuntu Update for apache2 USN-1368-1
10822| [840798] Ubuntu Update for apache2 USN-1259-1
10823| [840734] Ubuntu Update for apache2 USN-1199-1
10824| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
10825| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
10826| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
10827| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
10828| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
10829| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
10830| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
10831| [835253] HP-UX Update for Apache Web Server HPSBUX02645
10832| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
10833| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
10834| [835236] HP-UX Update for Apache with PHP HPSBUX02543
10835| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
10836| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
10837| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
10838| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
10839| [835188] HP-UX Update for Apache HPSBUX02308
10840| [835181] HP-UX Update for Apache With PHP HPSBUX02332
10841| [835180] HP-UX Update for Apache with PHP HPSBUX02342
10842| [835172] HP-UX Update for Apache HPSBUX02365
10843| [835168] HP-UX Update for Apache HPSBUX02313
10844| [835148] HP-UX Update for Apache HPSBUX01064
10845| [835139] HP-UX Update for Apache with PHP HPSBUX01090
10846| [835131] HP-UX Update for Apache HPSBUX00256
10847| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
10848| [835104] HP-UX Update for Apache HPSBUX00224
10849| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
10850| [835101] HP-UX Update for Apache HPSBUX01232
10851| [835080] HP-UX Update for Apache HPSBUX02273
10852| [835078] HP-UX Update for ApacheStrong HPSBUX00255
10853| [835044] HP-UX Update for Apache HPSBUX01019
10854| [835040] HP-UX Update for Apache PHP HPSBUX00207
10855| [835025] HP-UX Update for Apache HPSBUX00197
10856| [835023] HP-UX Update for Apache HPSBUX01022
10857| [835022] HP-UX Update for Apache HPSBUX02292
10858| [835005] HP-UX Update for Apache HPSBUX02262
10859| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
10860| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
10861| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
10862| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
10863| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
10864| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
10865| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
10866| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
10867| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
10868| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
10869| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
10870| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
10871| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
10872| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
10873| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
10874| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
10875| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
10876| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
10877| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
10878| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
10879| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
10880| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
10881| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
10882| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
10883| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
10884| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
10885| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
10886| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
10887| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
10888| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
10889| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
10890| [801942] Apache Archiva Multiple Vulnerabilities
10891| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
10892| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
10893| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
10894| [801284] Apache Derby Information Disclosure Vulnerability
10895| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
10896| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
10897| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
10898| [800680] Apache APR Version Detection
10899| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
10900| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
10901| [800677] Apache Roller Version Detection
10902| [800279] Apache mod_jk Module Version Detection
10903| [800278] Apache Struts Cross Site Scripting Vulnerability
10904| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
10905| [800276] Apache Struts Version Detection
10906| [800271] Apache Struts Directory Traversal Vulnerability
10907| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
10908| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
10909| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
10910| [103122] Apache Web Server ETag Header Information Disclosure Weakness
10911| [103074] Apache Continuum Cross Site Scripting Vulnerability
10912| [103073] Apache Continuum Detection
10913| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
10914| [101023] Apache Open For Business Weak Password security check
10915| [101020] Apache Open For Business HTML injection vulnerability
10916| [101019] Apache Open For Business service detection
10917| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
10918| [100923] Apache Archiva Detection
10919| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
10920| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
10921| [100813] Apache Axis2 Detection
10922| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
10923| [100795] Apache Derby Detection
10924| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
10925| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
10926| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
10927| [100514] Apache Multiple Security Vulnerabilities
10928| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
10929| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
10930| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
10931| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10932| [72626] Debian Security Advisory DSA 2579-1 (apache2)
10933| [72612] FreeBSD Ports: apache22
10934| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
10935| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
10936| [71512] FreeBSD Ports: apache
10937| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
10938| [71256] Debian Security Advisory DSA 2452-1 (apache2)
10939| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
10940| [70737] FreeBSD Ports: apache
10941| [70724] Debian Security Advisory DSA 2405-1 (apache2)
10942| [70600] FreeBSD Ports: apache
10943| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
10944| [70235] Debian Security Advisory DSA 2298-2 (apache2)
10945| [70233] Debian Security Advisory DSA 2298-1 (apache2)
10946| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
10947| [69338] Debian Security Advisory DSA 2202-1 (apache2)
10948| [67868] FreeBSD Ports: apache
10949| [66816] FreeBSD Ports: apache
10950| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
10951| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
10952| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
10953| [66081] SLES11: Security update for Apache 2
10954| [66074] SLES10: Security update for Apache 2
10955| [66070] SLES9: Security update for Apache 2
10956| [65998] SLES10: Security update for apache2-mod_python
10957| [65893] SLES10: Security update for Apache 2
10958| [65888] SLES10: Security update for Apache 2
10959| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
10960| [65510] SLES9: Security update for Apache 2
10961| [65472] SLES9: Security update for Apache
10962| [65467] SLES9: Security update for Apache
10963| [65450] SLES9: Security update for apache2
10964| [65390] SLES9: Security update for Apache2
10965| [65363] SLES9: Security update for Apache2
10966| [65309] SLES9: Security update for Apache and mod_ssl
10967| [65296] SLES9: Security update for webdav apache module
10968| [65283] SLES9: Security update for Apache2
10969| [65249] SLES9: Security update for Apache 2
10970| [65230] SLES9: Security update for Apache 2
10971| [65228] SLES9: Security update for Apache 2
10972| [65212] SLES9: Security update for apache2-mod_python
10973| [65209] SLES9: Security update for apache2-worker
10974| [65207] SLES9: Security update for Apache 2
10975| [65168] SLES9: Security update for apache2-mod_python
10976| [65142] SLES9: Security update for Apache2
10977| [65136] SLES9: Security update for Apache 2
10978| [65132] SLES9: Security update for apache
10979| [65131] SLES9: Security update for Apache 2 oes/CORE
10980| [65113] SLES9: Security update for apache2
10981| [65072] SLES9: Security update for apache and mod_ssl
10982| [65017] SLES9: Security update for Apache 2
10983| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
10984| [64783] FreeBSD Ports: apache
10985| [64774] Ubuntu USN-802-2 (apache2)
10986| [64653] Ubuntu USN-813-2 (apache2)
10987| [64559] Debian Security Advisory DSA 1834-2 (apache2)
10988| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
10989| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
10990| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
10991| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
10992| [64443] Ubuntu USN-802-1 (apache2)
10993| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
10994| [64423] Debian Security Advisory DSA 1834-1 (apache2)
10995| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
10996| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
10997| [64251] Debian Security Advisory DSA 1816-1 (apache2)
10998| [64201] Ubuntu USN-787-1 (apache2)
10999| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
11000| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
11001| [63565] FreeBSD Ports: apache
11002| [63562] Ubuntu USN-731-1 (apache2)
11003| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
11004| [61185] FreeBSD Ports: apache
11005| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
11006| [60387] Slackware Advisory SSA:2008-045-02 apache
11007| [58826] FreeBSD Ports: apache-tomcat
11008| [58825] FreeBSD Ports: apache-tomcat
11009| [58804] FreeBSD Ports: apache
11010| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
11011| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
11012| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
11013| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
11014| [57335] Debian Security Advisory DSA 1167-1 (apache)
11015| [57201] Debian Security Advisory DSA 1131-1 (apache)
11016| [57200] Debian Security Advisory DSA 1132-1 (apache2)
11017| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
11018| [57145] FreeBSD Ports: apache
11019| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
11020| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
11021| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
11022| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
11023| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
11024| [56067] FreeBSD Ports: apache
11025| [55803] Slackware Advisory SSA:2005-310-04 apache
11026| [55519] Debian Security Advisory DSA 839-1 (apachetop)
11027| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
11028| [55355] FreeBSD Ports: apache
11029| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
11030| [55261] Debian Security Advisory DSA 805-1 (apache2)
11031| [55259] Debian Security Advisory DSA 803-1 (apache)
11032| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
11033| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
11034| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
11035| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
11036| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
11037| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
11038| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
11039| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
11040| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
11041| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
11042| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
11043| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
11044| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
11045| [54439] FreeBSD Ports: apache
11046| [53931] Slackware Advisory SSA:2004-133-01 apache
11047| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
11048| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
11049| [53878] Slackware Advisory SSA:2003-308-01 apache security update
11050| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
11051| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
11052| [53848] Debian Security Advisory DSA 131-1 (apache)
11053| [53784] Debian Security Advisory DSA 021-1 (apache)
11054| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
11055| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
11056| [53735] Debian Security Advisory DSA 187-1 (apache)
11057| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
11058| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
11059| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
11060| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
11061| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
11062| [53282] Debian Security Advisory DSA 594-1 (apache)
11063| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
11064| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
11065| [53215] Debian Security Advisory DSA 525-1 (apache)
11066| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
11067| [52529] FreeBSD Ports: apache+ssl
11068| [52501] FreeBSD Ports: apache
11069| [52461] FreeBSD Ports: apache
11070| [52390] FreeBSD Ports: apache
11071| [52389] FreeBSD Ports: apache
11072| [52388] FreeBSD Ports: apache
11073| [52383] FreeBSD Ports: apache
11074| [52339] FreeBSD Ports: apache+mod_ssl
11075| [52331] FreeBSD Ports: apache
11076| [52329] FreeBSD Ports: ru-apache+mod_ssl
11077| [52314] FreeBSD Ports: apache
11078| [52310] FreeBSD Ports: apache
11079| [15588] Detect Apache HTTPS
11080| [15555] Apache mod_proxy content-length buffer overflow
11081| [15554] Apache mod_include priviledge escalation
11082| [14771] Apache <= 1.3.33 htpasswd local overflow
11083| [14177] Apache mod_access rule bypass
11084| [13644] Apache mod_rootme Backdoor
11085| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
11086| [12280] Apache Connection Blocking Denial of Service
11087| [12239] Apache Error Log Escape Sequence Injection
11088| [12123] Apache Tomcat source.jsp malformed request information disclosure
11089| [12085] Apache Tomcat servlet/JSP container default files
11090| [11438] Apache Tomcat Directory Listing and File disclosure
11091| [11204] Apache Tomcat Default Accounts
11092| [11092] Apache 2.0.39 Win32 directory traversal
11093| [11046] Apache Tomcat TroubleShooter Servlet Installed
11094| [11042] Apache Tomcat DOS Device Name XSS
11095| [11041] Apache Tomcat /servlet Cross Site Scripting
11096| [10938] Apache Remote Command Execution via .bat files
11097| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
11098| [10773] MacOS X Finder reveals contents of Apache Web files
11099| [10766] Apache UserDir Sensitive Information Disclosure
11100| [10756] MacOS X Finder reveals contents of Apache Web directories
11101| [10752] Apache Auth Module SQL Insertion Attack
11102| [10704] Apache Directory Listing
11103| [10678] Apache /server-info accessible
11104| [10677] Apache /server-status accessible
11105| [10440] Check for Apache Multiple / vulnerability
11106|
11107| SecurityTracker - https://www.securitytracker.com:
11108| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
11109| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
11110| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
11111| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
11112| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11113| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11114| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
11115| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
11116| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
11117| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
11118| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
11119| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
11120| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
11121| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
11122| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
11123| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
11124| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
11125| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
11126| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
11127| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
11128| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
11129| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
11130| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
11131| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11132| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
11133| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11134| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11135| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
11136| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
11137| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11138| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
11139| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
11140| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
11141| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
11142| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
11143| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
11144| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
11145| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
11146| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
11147| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
11148| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
11149| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
11150| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
11151| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
11152| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
11153| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
11154| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11155| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
11156| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
11157| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
11158| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
11159| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
11160| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
11161| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
11162| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
11163| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
11164| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
11165| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
11166| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
11167| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
11168| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
11169| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
11170| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
11171| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
11172| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
11173| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
11174| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
11175| [1024096] Apache mod_proxy_http May Return Results for a Different Request
11176| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
11177| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
11178| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
11179| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
11180| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
11181| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
11182| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
11183| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
11184| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
11185| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
11186| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
11187| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
11188| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
11189| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11190| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
11191| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
11192| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
11193| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
11194| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
11195| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11196| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
11197| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
11198| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
11199| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
11200| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
11201| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
11202| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
11203| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
11204| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
11205| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
11206| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
11207| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
11208| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
11209| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
11210| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
11211| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
11212| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
11213| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
11214| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
11215| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
11216| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
11217| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
11218| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
11219| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
11220| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
11221| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
11222| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
11223| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
11224| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
11225| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
11226| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
11227| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
11228| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
11229| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
11230| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
11231| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
11232| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
11233| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
11234| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
11235| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
11236| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
11237| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
11238| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
11239| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
11240| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
11241| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
11242| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
11243| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
11244| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
11245| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
11246| [1008920] Apache mod_digest May Validate Replayed Client Responses
11247| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
11248| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
11249| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
11250| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
11251| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
11252| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
11253| [1008030] Apache mod_rewrite Contains a Buffer Overflow
11254| [1008029] Apache mod_alias Contains a Buffer Overflow
11255| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
11256| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
11257| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
11258| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
11259| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
11260| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
11261| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
11262| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
11263| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
11264| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
11265| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
11266| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
11267| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
11268| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
11269| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
11270| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
11271| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
11272| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
11273| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
11274| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
11275| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
11276| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
11277| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
11278| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
11279| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
11280| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
11281| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
11282| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
11283| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
11284| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
11285| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
11286| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
11287| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
11288| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
11289| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
11290| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
11291| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
11292| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
11293| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11294| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11295| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
11296| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
11297| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
11298| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
11299| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
11300| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
11301| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
11302| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
11303| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
11304| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
11305| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
11306| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
11307| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
11308| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
11309| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
11310| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
11311|
11312| OSVDB - http://www.osvdb.org:
11313| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
11314| [96077] Apache CloudStack Global Settings Multiple Field XSS
11315| [96076] Apache CloudStack Instances Menu Display Name Field XSS
11316| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
11317| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
11318| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
11319| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
11320| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
11321| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
11322| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
11323| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
11324| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
11325| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11326| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
11327| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
11328| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
11329| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
11330| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11331| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
11332| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
11333| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
11334| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
11335| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
11336| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
11337| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
11338| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
11339| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
11340| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
11341| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
11342| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
11343| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
11344| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
11345| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
11346| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
11347| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
11348| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
11349| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
11350| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
11351| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
11352| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
11353| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
11354| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
11355| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
11356| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
11357| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
11358| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
11359| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
11360| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
11361| [94279] Apache Qpid CA Certificate Validation Bypass
11362| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
11363| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
11364| [94042] Apache Axis JAX-WS Java Unspecified Exposure
11365| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
11366| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
11367| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
11368| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
11369| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
11370| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
11371| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
11372| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
11373| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
11374| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
11375| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
11376| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
11377| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
11378| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
11379| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
11380| [93541] Apache Solr json.wrf Callback XSS
11381| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
11382| [93521] Apache jUDDI Security API Token Session Persistence Weakness
11383| [93520] Apache CloudStack Default SSL Key Weakness
11384| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
11385| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
11386| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
11387| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
11388| [93515] Apache HBase table.jsp name Parameter XSS
11389| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
11390| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
11391| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
11392| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
11393| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
11394| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
11395| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
11396| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
11397| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
11398| [93252] Apache Tomcat FORM Authenticator Session Fixation
11399| [93172] Apache Camel camel/endpoints/ Endpoint XSS
11400| [93171] Apache Sling HtmlResponse Error Message XSS
11401| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
11402| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
11403| [93168] Apache Click ErrorReport.java id Parameter XSS
11404| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
11405| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
11406| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
11407| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
11408| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
11409| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
11410| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
11411| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
11412| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
11413| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
11414| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
11415| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
11416| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
11417| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
11418| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
11419| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
11420| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
11421| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
11422| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
11423| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
11424| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
11425| [93144] Apache Solr Admin Command Execution CSRF
11426| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
11427| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
11428| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
11429| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
11430| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
11431| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
11432| [92748] Apache CloudStack VM Console Access Restriction Bypass
11433| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
11434| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
11435| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
11436| [92706] Apache ActiveMQ Debug Log Rendering XSS
11437| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
11438| [92270] Apache Tomcat Unspecified CSRF
11439| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
11440| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
11441| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
11442| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
11443| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
11444| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
11445| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
11446| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
11447| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
11448| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
11449| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
11450| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
11451| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
11452| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
11453| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
11454| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
11455| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
11456| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
11457| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
11458| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
11459| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
11460| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
11461| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
11462| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
11873| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
11874| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
11875| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
11876| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
11877| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
11878| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
11879| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
11880| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
11881| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
11882| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
11883| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
11884| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
11885| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
11886| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
11887| [55056] Apache Tomcat Cross-application TLD File Manipulation
11888| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
11889| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
11890| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
11891| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
11892| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
11893| [54589] Apache Jserv Nonexistent JSP Request XSS
11894| [54122] Apache Struts s:a / s:url Tag href Element XSS
11895| [54093] Apache ActiveMQ Web Console JMS Message XSS
11896| [53932] Apache Geronimo Multiple Admin Function CSRF
11897| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
11898| [53930] Apache Geronimo /console/portal/ URI XSS
11899| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
11900| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
11901| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
11902| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
11903| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
11904| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
11905| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
11906| [53380] Apache Struts Unspecified XSS
11907| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
11908| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
11909| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
11910| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
11911| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
11912| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
11913| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
11914| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
11915| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
11916| [51151] Apache Roller Search Function q Parameter XSS
11917| [50482] PHP with Apache php_value Order Unspecified Issue
11918| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
11919| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
11920| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
11921| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
11922| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
11923| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
11924| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
11925| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
11926| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
11927| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
11928| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
11929| [47096] Oracle Weblogic Apache Connector POST Request Overflow
11930| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
11931| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
11932| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
11933| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
11934| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
11935| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
11936| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
11937| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
11938| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
11939| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
11940| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
11941| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
11942| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
11943| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
11944| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
11945| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
11946| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
11947| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
11948| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
11949| [43452] Apache Tomcat HTTP Request Smuggling
11950| [43309] Apache Geronimo LoginModule Login Method Bypass
11951| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
11952| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
11953| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
11954| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
11955| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
11956| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
11957| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
11958| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
11959| [42091] Apache Maven Site Plugin Installation Permission Weakness
11960| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
11961| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
11962| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
11963| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
11964| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
11965| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
11966| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
11967| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
11968| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
11969| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
11970| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
11971| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
11972| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
11973| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
11974| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
11975| [40262] Apache HTTP Server mod_status refresh XSS
11976| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
11977| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
11978| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
11979| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
11980| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
11981| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
11982| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
11983| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
11984| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
11985| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
11986| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
11987| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
11988| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
11989| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
11990| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
11991| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
11992| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
11993| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
11994| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
11995| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
11996| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
11997| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
11998| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
11999| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
12000| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
12001| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
12002| [36080] Apache Tomcat JSP Examples Crafted URI XSS
12003| [36079] Apache Tomcat Manager Uploaded Filename XSS
12004| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
12005| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
12006| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
12007| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
12008| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
12009| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
12010| [34881] Apache Tomcat Malformed Accept-Language Header XSS
12011| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
12012| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
12013| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
12014| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
12015| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
12016| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
12017| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
12018| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
12019| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
12020| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
12021| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
12022| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
12023| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
12024| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
12025| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
12026| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
12027| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
12028| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
12029| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
12030| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
12031| [32724] Apache mod_python _filter_read Freed Memory Disclosure
12032| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
12033| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
12034| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
12035| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
12036| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
12037| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
12038| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
12039| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
12040| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
12041| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
12042| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
12043| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
12044| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
12045| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
12046| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
12047| [24365] Apache Struts Multiple Function Error Message XSS
12048| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
12049| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
12050| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
12051| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
12052| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
12053| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
12054| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
12055| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
12056| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
12057| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
12058| [22459] Apache Geronimo Error Page XSS
12059| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
12060| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
12061| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
12062| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
12063| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
12064| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
12065| [21021] Apache Struts Error Message XSS
12066| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
12067| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
12068| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
12069| [20439] Apache Tomcat Directory Listing Saturation DoS
12070| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
12071| [20285] Apache HTTP Server Log File Control Character Injection
12072| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
12073| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
12074| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
12075| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
12076| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
12077| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
12078| [19821] Apache Tomcat Malformed Post Request Information Disclosure
12079| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
12080| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
12081| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
12082| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
12083| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
12084| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
12085| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
12086| [18233] Apache HTTP Server htdigest user Variable Overfow
12087| [17738] Apache HTTP Server HTTP Request Smuggling
12088| [16586] Apache HTTP Server Win32 GET Overflow DoS
12089| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
12090| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
12091| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
12092| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
12093| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
12094| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
12095| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
12096| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
12097| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
12098| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
12099| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
12100| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
12101| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
12102| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
12103| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
12104| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
12105| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
12106| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
12107| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
12108| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
12109| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
12110| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
12111| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
12112| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
12113| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
12114| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
12115| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
12116| [13304] Apache Tomcat realPath.jsp Path Disclosure
12117| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
12118| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
12119| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
12120| [12848] Apache HTTP Server htdigest realm Variable Overflow
12121| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
12122| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
12123| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
12124| [12557] Apache HTTP Server prefork MPM accept Error DoS
12125| [12233] Apache Tomcat MS-DOS Device Name Request DoS
12126| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
12127| [12231] Apache Tomcat web.xml Arbitrary File Access
12128| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
12129| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
12130| [12178] Apache Jakarta Lucene results.jsp XSS
12131| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
12132| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
12133| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
12134| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
12135| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
12136| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
12137| [10471] Apache Xerces-C++ XML Parser DoS
12138| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
12139| [10068] Apache HTTP Server htpasswd Local Overflow
12140| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
12141| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
12142| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
12143| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
12144| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
12145| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
12146| [9717] Apache HTTP Server mod_cookies Cookie Overflow
12147| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
12148| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
12149| [9714] Apache Authentication Module Threaded MPM DoS
12150| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
12151| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
12152| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
12153| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
12154| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
12155| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
12156| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
12157| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
12158| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
12159| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
12160| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
12161| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
12162| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
12163| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
12164| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
12165| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
12166| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
12167| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
12168| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
12169| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
12170| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
12171| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
12172| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
12173| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
12174| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
12175| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
12176| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
12177| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
12178| [9208] Apache Tomcat .jsp Encoded Newline XSS
12179| [9204] Apache Tomcat ROOT Application XSS
12180| [9203] Apache Tomcat examples Application XSS
12181| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
12182| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
12183| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
12184| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
12185| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
12186| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
12187| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
12188| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
12189| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
12190| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
12191| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
12192| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
12193| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
12194| [7611] Apache HTTP Server mod_alias Local Overflow
12195| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
12196| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
12197| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
12198| [6882] Apache mod_python Malformed Query String Variant DoS
12199| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
12200| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
12201| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
12202| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
12203| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
12204| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
12205| [5526] Apache Tomcat Long .JSP URI Path Disclosure
12206| [5278] Apache Tomcat web.xml Restriction Bypass
12207| [5051] Apache Tomcat Null Character DoS
12208| [4973] Apache Tomcat servlet Mapping XSS
12209| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
12210| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
12211| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
12212| [4568] mod_survey For Apache ENV Tags SQL Injection
12213| [4553] Apache HTTP Server ApacheBench Overflow DoS
12214| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
12215| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
12216| [4383] Apache HTTP Server Socket Race Condition DoS
12217| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
12218| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
12219| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
445/tcp closed microsoft-ds conn-refused
Device type: general purpose|WAP
Running (JUST GUESSING): Linux 2.6.X (90%), Netgear embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/h:netgear:wnr834bv2
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (90%), Netgear WNR834Bv2 WAP (85%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:

Uptime guess: 24.560 days (since Wed Jul 17 10:03:47 2019)
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: Randomized

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 202.68 ms 10.242.200.1
2 203.45 ms 185.242.4.145
3 202.82 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
4 216.69 ms 61.120.144.233
5 203.68 ms ae-10.r00.tokyjp08.jp.bb.gin.ntt.net (129.250.5.50)
6 205.13 ms ae-18.r31.tokyjp05.jp.bb.gin.ntt.net (129.250.6.128)
7 197.75 ms ae-3.r03.tokyjp05.jp.bb.gin.ntt.net (129.250.3.56)
8 ...
9 429.05 ms ae-1-3114.edge5.London1.Level3.net (4.69.148.218)
10 437.92 ms unknown.Level3.net (212.187.138.206)
11 509.04 ms 151.248.96.76
12 514.86 ms 151.248.96.76
13 511.99 ms 151.248.98.130
14 520.58 ms 10.169.0.10
15 522.16 ms 10.240.3.241
16 ... 30

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 23:29
Completed NSE at 23:29, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 23:29
Completed NSE at 23:29, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-10 23:29 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:29
Completed NSE at 23:29, 0.00s elapsed
Initiating NSE at 23:29
Completed NSE at 23:29, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 23:29
Completed Parallel DNS resolution of 1 host. at 23:29, 0.02s elapsed
Initiating UDP Scan at 23:29
Scanning 79.170.50.171 [14 ports]
Completed UDP Scan at 23:30, 4.33s elapsed (14 total ports)
Initiating Service scan at 23:30
Scanning 12 services on 79.170.50.171
Service scan Timing: About 8.33% done; ETC: 23:49 (0:17:47 remaining)
Completed Service scan at 23:31, 102.58s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against 79.170.50.171
Retrying OS detection (try #2) against 79.170.50.171
Initiating Traceroute at 23:31
Completed Traceroute at 23:31, 7.22s elapsed
Initiating Parallel DNS resolution of 1 host. at 23:31
Completed Parallel DNS resolution of 1 host. at 23:31, 0.00s elapsed
NSE: Script scanning 79.170.50.171.
Initiating NSE at 23:31
Completed NSE at 23:32, 7.41s elapsed
Initiating NSE at 23:32
Completed NSE at 23:32, 1.50s elapsed
Nmap scan report for 79.170.50.171
Host is up (0.20s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT ADDRESS
1 196.14 ms 10.242.200.1
2 ... 3
4 196.86 ms 10.242.200.1
5 196.67 ms 10.242.200.1
6 196.65 ms 10.242.200.1
7 196.64 ms 10.242.200.1
8 196.63 ms 10.242.200.1
9 196.62 ms 10.242.200.1
10 196.62 ms 10.242.200.1
11 ... 18
19 195.85 ms 10.242.200.1
20 196.19 ms 10.242.200.1
21 ... 27
28 197.75 ms 10.242.200.1
29 ...
30 195.03 ms 10.242.200.1

NSE: Script Post-scanning.
Initiating NSE at 23:32
Completed NSE at 23:32, 0.00s elapsed
Initiating NSE at 23:32
Completed NSE at 23:32, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 130.29 seconds
 Raw packets sent: 147 (13.614KB) | Rcvd: 27 (2.988KB)
#######################################################################################################################################
 Anonymous JTSEC #OpSaudiArabia Full Recon #9